hive | c5741701b3866459dd1ffa2477cfd8776713612912693a5897f78aac795d23e9

Resubmissions

28-07-2024 16:38

240728-t5tryssgmm 10

07-07-2024 14:07

240707-rfgd8atekm 10

07-07-2024 14:07

240707-re689awdpe 10

13-09-2022 17:54

220913-wg1lpsgbg7 10

Analysis

max time kernel
88s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
28-07-2024 16:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RansomwareSamples/Hive_17_07_2021_808KB.exe
Size

808KB
MD5

504bd1695de326bc533fde29b8a69319
SHA1

67f0c8d81aefcfc5943b31d695972194ac15e9f2
SHA256

a0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749
SHA512

18c5b28bafb13edf47f6a2b803d9d9a914945f037b266a765f2a324842c5ef04ebda27eba31851d2d63e00779a42900e0edfe4ad5bd817eb4f43fa4d4e3a4767
SSDEEP

24576:lafTGwLNdRk4RBtr/ioF4/I+CMx3cMt3/4KFG8Qz4YwY:IT7dRFr/ioFjicMtvV4z

Score

10^/10

hive defense_evasion execution impact ransomware spyware stealer upx

Malware Config

Signatures

Detects Go variant of Hive Ransomware 15 IoCs

Processes:

resource	yara_rule
behavioral28/memory/4344-346-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-878-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-1121-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-1506-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-2638-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-3081-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-3517-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-3928-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-4316-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-4823-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-5729-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-6397-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-8184-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-9381-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go
behavioral28/memory/4344-10109-0x0000000000690000-0x0000000000969000-memory.dmp	hive_go

Hive
A ransomware written in Golang first seen in June 2021.
ransomware hive
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 1 IoCs

Processes:

Hive_17_07_2021_808KB.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Hive_17_07_2021_808KB.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 16 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral28/memory/4344-0-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-346-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-878-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-1121-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-1506-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-2638-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-3081-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-3517-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-3928-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-4316-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-4823-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-5729-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-6397-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-8184-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-9381-0x0000000000690000-0x0000000000969000-memory.dmp	upx
behavioral28/memory/4344-10109-0x0000000000690000-0x0000000000969000-memory.dmp	upx

Drops desktop.ini file(s) 64 IoCs

Processes:

Hive_17_07_2021_808KB.exe

description	ioc	process
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	Hive_17_07_2021_808KB.exe

Drops file in Program Files directory 64 IoCs

Processes:

Hive_17_07_2021_808KB.exe

description	ioc	process
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OFFSYMXB.TTF	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\selection-actions2x.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Locales\th.pak	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalPipcR_OEM_Perp-ul-phn.xrm-ms	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\O365ProPlusR_Subscription3-ppd.xrm-ms	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\System.Reflection.DispatchProxy.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\DW\DW20.EXE.xhylKSmuz5RNbZ6NUxzXXl1z1Llp7988Z82sMGmoKzY.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\en-GB.pak.DATA	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileMediumSquare.scale-100.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_x64__8wekyb3d8bbwe\Assets\contrast-white\OrientationControlCone.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\home\images\icons_retina.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TipRes.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\js\nls\en-ae\ui-strings.js	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19071.12548.0_x64__8wekyb3d8bbwe\WebviewOffline.html	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.1903.1152.0_x64__8wekyb3d8bbwe\images\Wide310x150Logo.scale-200.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\add-account\js\nls\sl-si\ui-strings.js	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\ShouldNotThrow.snippets.ps1xml	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\DCF\Microsoft.Vbe.Interop.dll.xhylKSmuz5RNbZ6NUxzXXhH4QPoJ3sptJm3jUOv79yA.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19071.19011.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\contrast-black\WideLogo.scale-100_contrast-black.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\api-ms-win-core-util-l1-1-0.dll.xhylKSmuz5RNbZ6NUxzXXoaMYv-VtvQnY7j94fIKw2c.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\kk\msipc.dll.mui	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\Help\Keywords.HxK	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\VBA\VBA7.1\1033\VBCN6.CHM	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Work\RTL\contrast-white\WideTile.scale-200.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Fonts\private\ITCKRIST.TTF.xhylKSmuz5RNbZ6NUxzXXiB8Xp4h7IRlxbfcwtaDC1c.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16001.12026.20112.0_x64__8wekyb3d8bbwe\images\8080_36x36x32.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProfessionalDemoR_BypassTrial180-ul-oob.xrm-ms	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Java\jre-1.8\lib\flavormap.properties.xhylKSmuz5RNbZ6NUxzXXvTOAj-qg8A95u6AO2R0KCU.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.ServiceModel.Web.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\pt-PT.pak.DATA	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe\Assets\Store\Wide310x150Logo.scale-125.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sw\LC_MESSAGES\vlc.mo	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxMailSplashLogo.scale-200.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\System\ole db\xmlrwbin.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsAlarms_10.1906.2182.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WorldClockSmallTile.contrast-black_scale-125.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.0.30251.0_x64__8wekyb3d8bbwe\Assets\AppPackageWideTile.scale-150.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Snippets\It.snippets.ps1xml	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_vi.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\HxMailSmallTile.scale-125.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\Ole DB\msdaer.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\ResiliencyLinks\Locales\gl.pak.DATA	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\FirstRunLogo.scale-80.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\SkypeforBusiness2019VL_MAK_AE-ul-oob.xrm-ms	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\VisioStd2019R_Retail-ul-oob.xrm-ms.xhylKSmuz5RNbZ6NUxzXXk9pUMQCpzYNCsVEnAHz7iU.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-100_8wekyb3d8bbwe\Assets\SecondaryTiles\TrafficHub\contrast-white\SmallTile.scale-100.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_10.1906.1972.0_x64__8wekyb3d8bbwe\Assets\VoiceRecorderStoreLogo.contrast-black_scale-100.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\file_types\themes\dark\s_agreement_filetype.svg	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\reviews\images\themes\dark\bun.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSO.DLL.xhylKSmuz5RNbZ6NUxzXXj8xx3rS5iJ-C8wFzHKKCxg.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.53.77.0_x64__kzf8qxf38zg5c\ReactAssets\assets\RNApp\app\uwp\images\subscription_intro\multiple-plans.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\DataModel\tmpersistence_xl.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsCamera_2018.826.98.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\WindowsIcons\WindowsCameraSmallTile.contrast-black_scale-125.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MSIPC\ja\msipc.dll.mui.xhylKSmuz5RNbZ6NUxzXXjXcBHj2oBoW-1ozTi16hRk.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\desktop-connector-files\js\nls\hu-hu\ui-strings.js	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\Access2019R_OEM_Perp-pl.xrm-ms	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\DeletedAllUserPackages\Microsoft.WindowsMaps_5.1906.1972.0_neutral_split.scale-125_8wekyb3d8bbwe\Assets\SecondaryTiles\Directions\Car\LTR\contrast-white\SmallTile.scale-125.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\on-boarding\images\themeless\ko_get.svg	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\sdxs\FA000000042\mecontrol.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\bg2.jpg	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-white\HxA-Generic-Light.scale-100.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe\images\contrast-black\HxCalendarSplashLogo.scale-400.png	Hive_17_07_2021_808KB.exe

Delays execution with timeout.exe 64 IoCs

evasion

Processes:

timeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exetimeout.exe

pid	process
916
960
4568	timeout.exe
2288
4528
1280
4884
528
4512
1764
2024
388
3476
3156	timeout.exe
4388	timeout.exe
2980
1720
1340
4780
1540
3908
3692	timeout.exe
864	timeout.exe
4116	timeout.exe
4396	timeout.exe
2792
4912
4512
2712
3084
296
556
2380	timeout.exe
4260
280
4892
3048
2232	timeout.exe
304	timeout.exe
4040
3568	timeout.exe
4720	timeout.exe
2992	timeout.exe
3244	timeout.exe
3572	timeout.exe
4916	timeout.exe
2504	timeout.exe
3884	timeout.exe
1008
3720
3888
304	timeout.exe
3980
4012
740
5032	timeout.exe
744	timeout.exe
2052	timeout.exe
1796
4492
4720	timeout.exe
2372
1068
3976

Interacts with shadow copies 3 TTPs 1 IoCs
Shadow copies are often targeted by ransomware to inhibit system recovery.
ransomware

File Deletion
T1070.004

Inhibit System Recovery
T1490

Direct Volume Access
T1006

Processes:

vssadmin.exe

pid process

1436 vssadmin.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

Hive_17_07_2021_808KB.exe

pid process

4344 Hive_17_07_2021_808KB.exe
4344 Hive_17_07_2021_808KB.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

vssvc.exe

description pid process

Token: SeBackupPrivilege 4464 vssvc.exe
Token: SeRestorePrivilege 4464 vssvc.exe
Token: SeAuditPrivilege 4464 vssvc.exe

pid	process
1436	vssadmin.exe

pid	process
4344	Hive_17_07_2021_808KB.exe
4344	Hive_17_07_2021_808KB.exe

description	pid	process
Token: SeBackupPrivilege	4464	vssvc.exe
Token: SeRestorePrivilege	4464	vssvc.exe
Token: SeAuditPrivilege	4464	vssvc.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Hive_17_07_2021_808KB.execmd.execmd.exe

description	pid	process	target process
PID 4344 wrote to memory of 688	4344	Hive_17_07_2021_808KB.exe	cmd.exe
PID 4344 wrote to memory of 688	4344	Hive_17_07_2021_808KB.exe	cmd.exe
PID 4344 wrote to memory of 1424	4344	Hive_17_07_2021_808KB.exe	cmd.exe
PID 4344 wrote to memory of 1424	4344	Hive_17_07_2021_808KB.exe	cmd.exe
PID 688 wrote to memory of 4332	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4332	688	cmd.exe	timeout.exe
PID 1424 wrote to memory of 1436	1424	cmd.exe	vssadmin.exe
PID 1424 wrote to memory of 1436	1424	cmd.exe	vssadmin.exe
PID 688 wrote to memory of 3456	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3456	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1012	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1012	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 228	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 228	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 376	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 376	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2608	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2608	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1932	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1932	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4512	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4512	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3492	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3492	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3236	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3236	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2716	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2716	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3304	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3304	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 388	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 388	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4396	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4396	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2720	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2720	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 712	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 712	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3908	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3908	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2512	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2512	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1892	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1892	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1104	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1104	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3692	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3692	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4988	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4988	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2936	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 2936	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1928	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1928	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1644	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 1644	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3064	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 3064	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 5080	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 5080	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 972	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 972	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4912	688	cmd.exe	timeout.exe
PID 688 wrote to memory of 4912	688	cmd.exe	timeout.exe

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Hive_17_07_2021_808KB.exe
"C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Hive_17_07_2021_808KB.exe"
1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c hive.bat >NUL 2>NUL
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4332
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1012
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:228
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:376
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4512
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3236
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2512
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4988
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3064
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:916
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2504
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4832
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3408
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1220
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:896
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1588
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1796
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3852
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4064
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4036
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4916
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4332
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1416
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3212
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2504
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3236
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1468
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3264
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:5032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3884
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1588
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1536
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1148
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3472
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4196
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1468
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1108
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4116
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4232
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2504
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3264
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3984
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1536
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4988
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2620
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4508
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2480
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4528
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2976
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1536
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3600
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3356
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2232
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3472
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3700
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3356
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4332
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2620
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:916
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4508
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3984
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3816
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3700
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1796
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4240
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4112
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3356
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1148
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3840
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2480
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2504
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1468
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3264
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4988
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1148
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1968
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2504
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2976
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4116
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3572
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:300
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3472
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4020
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1588
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1340
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1796
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1760
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2580
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4880
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4384
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3204
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2976
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4524
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2480
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3844
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3984
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1588
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1108
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3284
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2352
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3572
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4332
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:300
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3408
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1068
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1340
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3948
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2840
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4880
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2596
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1796
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4116
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1140
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1068
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4832
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2352
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2480
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3700
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4112
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1148
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4508
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4536
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3236
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4508
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:736
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4196
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3204
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1588
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3844
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3572
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1708
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4268
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3816
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2360
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4524
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2976
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3948
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2428
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:268
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3604
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2840
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4020
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4240
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1968
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1468
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:916
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3604
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3408
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3268
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4268
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1848
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3816
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1340
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4332
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1588
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1520
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3408
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1068
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4492
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1812
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4324
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1108
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4536
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2316
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4116
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3572
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:300
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4528
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4260
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2360
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2428
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4116
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2504
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4332
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3728
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3884
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1848
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4260
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1812
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1340
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3844
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3600
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4116
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2620
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3572
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2092
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4400
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:916
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:268
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4384
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4020
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3740
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3728
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4672
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1848
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4260
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3816
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1968
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3700
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2360
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:116
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2976
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4240
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3212
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3572
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1956
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2232
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3728
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2908
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1848
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4580
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1760
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2504
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1468
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2232
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1056
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3728
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4672
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2260
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4260
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1812
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4324
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2360
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4484
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1596
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4796
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2428
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3284
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4384
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:736
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4196
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3728
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4264
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3580
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1900
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1968
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:220
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1340
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3700
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3844
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2324
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4524
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2976
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4892
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1148
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4404
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1588
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:916
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3284
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3604
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1684
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3984
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1108
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:764
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4816
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4524
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4796
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2620
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1796
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c shadow.bat >NUL 2>NUL
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1424
- - C:\Windows\system32\vssadmin.exe
    vssadmin.exe delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:1436

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4464

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:4064

C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

T1006

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2990742725-2267136959-192470804-1000\desktop.ini

Filesize
129B

MD5
1efa7a4ff08615c29e8b642f1b5059e0

SHA1
9919795fa66a06bfc1b7e6a7a51b2966a741f80c

SHA256
08b65110cbf178c66255a3ea9a22e3dd90e0da1e380a3c592e9044ac0fd3fc68

SHA512
c7ca1e6a08d90c14480abec92e74a652a1046587e9da103bc4c1734ff57024b82631741a2a1c7436779b848360eea632196a8112577951aaaeffdd5a7e6ded10

Download Submit
C:\ProgramData\Microsoft\Windows\Caches\{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000001.db.xhylKSmuz5RNbZ6NUxzXXgzw-YBgsl0SbEc6JFIZfXQ.hive

Filesize
622KB

MD5
6b87631b89ce2301b19e290520260b59

SHA1
cb3b46515d43ea1f79b2edccd45f5143244e129b

SHA256
7533bbeadd451eb9a2fb1d3280b415a4a7cc1b7610d5ca4b5b72b7c0ff3a5807

SHA512
088bd71dae75ef3f44b184950a540828319905de60a8c3276c49614e6ca642f3eb7cdc8af4761386a1260097fb9aae0388f8503cbe6128cacbd224af363ed674

Download Submit
C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\hive.bat

Filesize
232B

MD5
6358d970c3edccb57eae7dbf9f42d58f

SHA1
25b994c3b5604f4f67e1ac6250bc2f14ce690380

SHA256
9e36401051e677f69a82ab8fbdebd6b16210ee40612c8c7fa45ceb5d7757fe50

SHA512
44819fec7e90b903eece750d0a2de531520ed9e637e17e4a57786f9a61c6d4b95ff6072fc3530a9d35d8dc756bcfe20f80a6a07a72d35cf24b305053ae389131

Download Submit
C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\shadow.bat

Filesize
57B

MD5
df5552357692e0cba5e69f8fbf06abb6

SHA1
4714f1e6bb75a80a8faf69434726d176b70d7bd8

SHA256
d158f9d53e7c37eadd3b5cc1b82d095f61484e47eda2c36d9d35f31c0b4d3ff8

SHA512
a837555a1175ab515e2b43da9e493ff0ccd4366ee59defe6770327818ca9afa6f3e39ecdf5262b69253aa9e2692283ee8cebc97d58edd42e676977c7f73d143d

Download Submit
memory/4344-3517-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-3928-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-1121-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-1506-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-2638-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-3081-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-0-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-878-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-4316-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-4823-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-5729-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-6397-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-8184-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-9381-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-346-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download
memory/4344-10109-0x0000000000690000-0x0000000000969000-memory.dmp

Filesize
2.8MB

Download