hive | c5741701b3866459dd1ffa2477cfd8776713612912693a5897f78aac795d23e9

Resubmissions

31/03/2025, 00:22

250331-apdw1ssjs8 10

28/03/2025, 22:52

250328-2tfd7avl15 10

25/03/2025, 14:57

250325-sb3mbsxxht 10

Analysis

max time kernel
484s
max time network
501s
platform
windows10-ltsc_2021_x64
resource
win10ltsc2021-20250314-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250314-enlocale:en-usos:windows10-ltsc_2021-x64system
submitted
31/03/2025, 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RansomwareSamples/Hive_17_07_2021_808KB.exe
Size

808KB
MD5

504bd1695de326bc533fde29b8a69319
SHA1

67f0c8d81aefcfc5943b31d695972194ac15e9f2
SHA256

a0b4e3d7e4cd20d25ad2f92be954b95eea44f8f1944118a3194295c5677db749
SHA512

18c5b28bafb13edf47f6a2b803d9d9a914945f037b266a765f2a324842c5ef04ebda27eba31851d2d63e00779a42900e0edfe4ad5bd817eb4f43fa4d4e3a4767
SSDEEP

24576:lafTGwLNdRk4RBtr/ioF4/I+CMx3cMt3/4KFG8Qz4YwY:IT7dRFr/ioFjicMtvV4z

Score

10^/10

hive defense_evasion execution impact ransomware spyware stealer upx

Malware Config

Signatures

Detects Go variant of Hive Ransomware 8 IoCs

resource	yara_rule
behavioral14/memory/444-686-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	hive_go
behavioral14/memory/444-685-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	hive_go
behavioral14/memory/444-2460-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	hive_go
behavioral14/memory/444-8118-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	hive_go
behavioral14/memory/444-8988-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	hive_go
behavioral14/memory/444-5472-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	hive_go
behavioral14/memory/444-4226-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	hive_go
behavioral14/memory/444-3293-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	hive_go

Hive
A ransomware written in Golang first seen in June 2021.
ransomware hive
Hive family
hive
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047

Drops startup file 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini	Hive_17_07_2021_808KB.exe

Loads dropped DLL 2 IoCs

pid	Process
3580	Process not Found
3580	Process not Found

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops desktop.ini file(s) 64 IoCs

description	ioc	Process
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-2123103809-19148277-2527443841-1000\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Documents\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Libraries\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\$Recycle.Bin\S-1-5-21-2123103809-19148277-2527443841-1000\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\DataServices\DESKTOP.INI	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Libraries\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Application Shortcuts\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\AccountPictures\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\WinX\Group3\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn1\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Desktop\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Public\Downloads\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn2\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\SendTo\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\desktop.ini	Hive_17_07_2021_808KB.exe
File opened for modification	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\desktop.ini	Hive_17_07_2021_808KB.exe

UPX packed file 9 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral14/memory/444-0-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx
behavioral14/memory/444-686-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx
behavioral14/memory/444-685-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx
behavioral14/memory/444-2460-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx
behavioral14/memory/444-8118-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx
behavioral14/memory/444-8988-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx
behavioral14/memory/444-5472-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx
behavioral14/memory/444-4226-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx
behavioral14/memory/444-3293-0x0000000000CD0000-0x0000000000FA9000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\uk-UA\msinfo32.exe.mui	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\133.0.6943.60\Locales\lt.pak	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\Common AppData\Microsoft\OFFICE\Heartbeat\HeartbeatCache.xml	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\uk.pak	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\MEDIA\BOMB.WAV.Rq7e-8oNNzbZ6UcmAWDxHnoaZuA3JrgW0f1WUQwahgk.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\PIXEL\PIXEL.INF.Rq7e-8oNNzbZ6UcmAWDxHk1t-BOK1KsN442eGcjcjGQ.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll.Rq7e-8oNNzbZ6UcmAWDxHrhNi7Dner0hIaufn_NggUc.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub_eula.txt	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PPTICO.EXE	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\Locales\nl.pak	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NL7MODELS0009.dll.Rq7e-8oNNzbZ6UcmAWDxHgVgMzpRI_cSftZrB-oD50k.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Appstore\Download_on_the_App_Store_Badge_pl_135x40.svg.Rq7e-8oNNzbZ6UcmAWDxHk2p6KGHfidI25DUUkTbZhI.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\lcms.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\ResolveTest.vst	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\files\dev\nls\fr-fr\ui-strings.js.Rq7e-8oNNzbZ6UcmAWDxHk3l2FYT9UBA5aNxGLJt1Cs.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProjectStdVL_KMS_Client-ul-oob.xrm-ms	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CAPSULES\PREVIEW.GIF	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\AccessR_Trial-ppd.xrm-ms.Rq7e-8oNNzbZ6UcmAWDxHpXETxb6J_lAJ8vma2BLQ1Y.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\ko\WindowsFormsIntegration.resources.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PROOF\msth8FR.LEX	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\Mso30win32client.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Mozilla Firefox\freebl3.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\WindowsPowerShell\Modules\Pester\3.4.0\Functions\Assertions\Should.ps1	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\ProPlusR_Retail-ppd.xrm-ms.Rq7e-8oNNzbZ6UcmAWDxHjoOkRNktZ1NLLmDneryW04.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\lv_get.svg	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Xaml.resources.dll.Rq7e-8oNNzbZ6UcmAWDxHjb4NB56_EV9noJ4_cbKXQA.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\DESIGNER\MSADDNDR.OLB	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\favicon.ico	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\activity-badge\js\nls\sv-se\ui-strings.js	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\7.0.16\System.Net.Mail.dll.Rq7e-8oNNzbZ6UcmAWDxHl7ZHboH88V5v70xpV2oQ18.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\System.Drawing.Common.dll.Rq7e-8oNNzbZ6UcmAWDxHgoTPlLg81ImcCXM4vli5V8.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\scan-files\images\themeless\Playstore\vi_get.svg.Rq7e-8oNNzbZ6UcmAWDxHvY62SLPclY0ppLZqoqXaBk.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Licenses16\StandardR_Trial-ul-oob.xrm-ms	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\createpdfupsell-app\js\nls\sk-sk\ui-strings.js	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\my-files\js\nls\fr-fr\ui-strings.js	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge_pwa_launcher.exe	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt.Rq7e-8oNNzbZ6UcmAWDxHgwrkxPJX_YiRvEyKwhommQ.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-console-l1-1-0.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\Microsoft.Mashup.Client.Initialization.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\SONORA\THMBNAIL.PNG	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft Office\Office16\STSCOPY.DLL	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\System.Diagnostics.Process.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\Locales\cy.pak	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\FilterModule.dll.Rq7e-8oNNzbZ6UcmAWDxHlm8SNVMIj5b_tgc2OVOf3w.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\AdHocReportingExcelClient.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\THEMES16\CASCADE\THMBNAIL.PNG	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn_IN\LC_MESSAGES\vlc.mo	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\s_ellipses_selected-hover.svg	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\app-center\js\nls\hu-hu\ui-strings.js	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\Microsoft.NETCore.App.runtimeconfig.json.Rq7e-8oNNzbZ6UcmAWDxHskteVlB_ONDhTTljlURo0Q.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\images\themes\dark\s_listview.svg.Rq7e-8oNNzbZ6UcmAWDxHtI8FVwHl9ccqazXfHj3jBU.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\RDCNotificationClient.appx	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\PresentationFramework.resources.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\LogoImages\WinWordLogoSmall.contrast-white_scale-80.png.Rq7e-8oNNzbZ6UcmAWDxHgckdkbrR4VLi2335z0AL2M.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Numerics.Vectors.dll.Rq7e-8oNNzbZ6UcmAWDxHkeSsATcAH5OldhwxOpQOl4.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll.Rq7e-8oNNzbZ6UcmAWDxHuZAGH2w2Cs3_y1CLzuMoS0.hive	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\it\System.Windows.Forms.resources.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.27\zh-Hant\UIAutomationProvider.resources.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\combinepdf\images\rhp_world_icon_2x.png	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\133.0.3065.69\edge_game_assist\EdgeGameAssist.msix	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\es\System.Data.Services.Design.resources.dll	Hive_17_07_2021_808KB.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.2\System.Private.Xml.dll	Hive_17_07_2021_808KB.exe

Delays execution with timeout.exe 64 IoCs

defense_evasion

pid	Process
3716	Process not Found
4036	Process not Found
4372	Process not Found
6072	timeout.exe
5256	timeout.exe
5580	Process not Found
5064	Process not Found
6052	Process not Found
2060	Process not Found
5212	Process not Found
2496	timeout.exe
3560	timeout.exe
4304	Process not Found
1272	timeout.exe
3960	Process not Found
2832	Process not Found
3104	timeout.exe
4280	Process not Found
5316	Process not Found
3828	timeout.exe
632	timeout.exe
2348	Process not Found
5384	Process not Found
744	Process not Found
1868	timeout.exe
5200	timeout.exe
3400	timeout.exe
1668	timeout.exe
2324	timeout.exe
5508	Process not Found
4372	Process not Found
1020	timeout.exe
4876	timeout.exe
5556	timeout.exe
3900	timeout.exe
4072	Process not Found
3600	Process not Found
4048	Process not Found
5640	timeout.exe
4176	timeout.exe
2456	timeout.exe
2436	timeout.exe
2388	timeout.exe
4160	Process not Found
5616	Process not Found
1920	timeout.exe
3056	timeout.exe
5804	Process not Found
984	Process not Found
2456	Process not Found
4236	Process not Found
2580	timeout.exe
5408	Process not Found
4436	Process not Found
4044	Process not Found
1524	Process not Found
2144	timeout.exe
2660	timeout.exe
5224	Process not Found
3680	timeout.exe
3036	Process not Found
5744	Process not Found
5640	Process not Found
328	Process not Found

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
5520	vssadmin.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
444	Hive_17_07_2021_808KB.exe
444	Hive_17_07_2021_808KB.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeBackupPrivilege	3672	vssvc.exe
Token: SeRestorePrivilege	3672	vssvc.exe
Token: SeAuditPrivilege	3672	vssvc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 5728	444	Hive_17_07_2021_808KB.exe	85
PID 444 wrote to memory of 5728	444	Hive_17_07_2021_808KB.exe	85
PID 444 wrote to memory of 2116	444	Hive_17_07_2021_808KB.exe	86
PID 444 wrote to memory of 2116	444	Hive_17_07_2021_808KB.exe	86
PID 5728 wrote to memory of 192	5728	cmd.exe	87
PID 5728 wrote to memory of 192	5728	cmd.exe	87
PID 2116 wrote to memory of 5520	2116	cmd.exe	88
PID 2116 wrote to memory of 5520	2116	cmd.exe	88
PID 5728 wrote to memory of 1556	5728	cmd.exe	89
PID 5728 wrote to memory of 1556	5728	cmd.exe	89
PID 5728 wrote to memory of 928	5728	cmd.exe	91
PID 5728 wrote to memory of 928	5728	cmd.exe	91
PID 5728 wrote to memory of 1640	5728	cmd.exe	92
PID 5728 wrote to memory of 1640	5728	cmd.exe	92
PID 5728 wrote to memory of 4936	5728	cmd.exe	94
PID 5728 wrote to memory of 4936	5728	cmd.exe	94
PID 5728 wrote to memory of 5024	5728	cmd.exe	95
PID 5728 wrote to memory of 5024	5728	cmd.exe	95
PID 5728 wrote to memory of 3692	5728	cmd.exe	96
PID 5728 wrote to memory of 3692	5728	cmd.exe	96
PID 5728 wrote to memory of 2352	5728	cmd.exe	97
PID 5728 wrote to memory of 2352	5728	cmd.exe	97
PID 5728 wrote to memory of 5068	5728	cmd.exe	98
PID 5728 wrote to memory of 5068	5728	cmd.exe	98
PID 5728 wrote to memory of 5780	5728	cmd.exe	99
PID 5728 wrote to memory of 5780	5728	cmd.exe	99
PID 5728 wrote to memory of 5232	5728	cmd.exe	100
PID 5728 wrote to memory of 5232	5728	cmd.exe	100
PID 5728 wrote to memory of 5532	5728	cmd.exe	101
PID 5728 wrote to memory of 5532	5728	cmd.exe	101
PID 5728 wrote to memory of 4208	5728	cmd.exe	102
PID 5728 wrote to memory of 4208	5728	cmd.exe	102
PID 5728 wrote to memory of 1084	5728	cmd.exe	103
PID 5728 wrote to memory of 1084	5728	cmd.exe	103
PID 5728 wrote to memory of 4872	5728	cmd.exe	104
PID 5728 wrote to memory of 4872	5728	cmd.exe	104
PID 5728 wrote to memory of 4064	5728	cmd.exe	105
PID 5728 wrote to memory of 4064	5728	cmd.exe	105
PID 5728 wrote to memory of 2600	5728	cmd.exe	106
PID 5728 wrote to memory of 2600	5728	cmd.exe	106
PID 5728 wrote to memory of 5564	5728	cmd.exe	107
PID 5728 wrote to memory of 5564	5728	cmd.exe	107
PID 5728 wrote to memory of 4616	5728	cmd.exe	108
PID 5728 wrote to memory of 4616	5728	cmd.exe	108
PID 5728 wrote to memory of 3164	5728	cmd.exe	109
PID 5728 wrote to memory of 3164	5728	cmd.exe	109
PID 5728 wrote to memory of 4168	5728	cmd.exe	110
PID 5728 wrote to memory of 4168	5728	cmd.exe	110
PID 5728 wrote to memory of 4132	5728	cmd.exe	111
PID 5728 wrote to memory of 4132	5728	cmd.exe	111
PID 5728 wrote to memory of 4120	5728	cmd.exe	112
PID 5728 wrote to memory of 4120	5728	cmd.exe	112
PID 5728 wrote to memory of 4072	5728	cmd.exe	113
PID 5728 wrote to memory of 4072	5728	cmd.exe	113
PID 5728 wrote to memory of 1044	5728	cmd.exe	114
PID 5728 wrote to memory of 1044	5728	cmd.exe	114
PID 5728 wrote to memory of 4044	5728	cmd.exe	115
PID 5728 wrote to memory of 4044	5728	cmd.exe	115
PID 5728 wrote to memory of 5316	5728	cmd.exe	116
PID 5728 wrote to memory of 5316	5728	cmd.exe	116
PID 5728 wrote to memory of 4472	5728	cmd.exe	117
PID 5728 wrote to memory of 4472	5728	cmd.exe	117
PID 5728 wrote to memory of 3824	5728	cmd.exe	118
PID 5728 wrote to memory of 3824	5728	cmd.exe	118

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Hive_17_07_2021_808KB.exe
"C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\Hive_17_07_2021_808KB.exe"
1⤵
- Drops startup file
- Drops desktop.ini file(s)
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c hive.bat >NUL 2>NUL
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5728
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:192
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1640
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2352
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5068
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5232
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5532
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4208
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4872
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4064
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2600
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3164
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4168
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4120
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5316
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4472
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5284
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2500
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3400
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5988
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:5256
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6112
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4464
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3600
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2428
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2700
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5896
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:808
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4728
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1056
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3056
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5180
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4376
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1284
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4048
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3136
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3340
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4536
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4176
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:328
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2884
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1700
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1068
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5576
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4940
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2236
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5068
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6140
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4708
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5532
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2316
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2264
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2480
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5924
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5580
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4872
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5136
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1628
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2872
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4112
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2148
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2228
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5596
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2092
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:948
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2152
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2020
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2816
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2268
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1816
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2144
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2648
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:464
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1724
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5896
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6136
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1056
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5984
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1180
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4484
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4048
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5636
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3340
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2860
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5352
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:192
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3812
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6004
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5356
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5056
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2352
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4916
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5208
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:968
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1760
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2476
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4748
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5924
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5248
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:460
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4220
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4952
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1920
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4168
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3700
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4112
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3676
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5804
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3696
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:416
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:648
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2832
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1264
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3284
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5476
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5172
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1740
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1900
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4212
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4068
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2576
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:464
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3300
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1524
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1176
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1408
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4340
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4048
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1580
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5860
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3852
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5152
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5124
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1640
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5012
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2236
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5068
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4576
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:804
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5600
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5952
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5232
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2320
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:4876
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2952
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6048
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5648
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5248
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3760
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5136
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5640
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3900
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1840
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4352
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:832
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2092
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3428
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:416
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5548
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3152
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2516
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5172
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5848
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1160
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4464
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5420
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2580
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1748
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:464
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1636
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4624
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1056
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5976
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2524
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1180
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3060
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4036
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4736
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3852
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:192
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5004
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5012
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1164
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1472
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5036
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:300
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5448
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1124
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1136
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4432
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4208
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2480
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2600
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5852
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4168
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4112
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1784
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5316
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4672
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:1668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:6072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5548
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1604
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2832
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1796
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2468
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2428
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1636
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5796
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5984
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4204
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4996
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5064
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6140
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1192
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3804
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:968
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2324
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5580
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5248
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4064
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5136
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4880
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3260
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4472
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4704
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5284
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3152
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3740
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3400
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2516
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1676
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1724
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4384
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4476
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1484
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5180
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1640
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:300
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4648
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5232
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2476
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4220
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4120
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3428
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1224
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1264
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5604
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2344
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3248
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3980
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2712
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3816
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5720
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2524
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2800
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4036
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3852
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5152
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5356
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4940
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5020
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4160
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5208
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5532
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4432
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5648
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5224
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:780
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5852
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3708
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4168
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4584
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1668
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2152
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4704
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:448
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:648
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3836
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2500
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4860
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5992
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2424
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3360
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6108
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1812
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2432
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2268
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2196
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5420
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2468
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2580
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3468
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3596
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6136
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1636
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6040
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3056
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4376
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4512
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1408
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1112
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4500
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3372
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5352
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4000
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5012
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4916
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:804
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4256
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5208
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1124
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2336
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4716
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5344
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2324
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5648
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3140
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:688
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5996
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6064
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:752
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:1272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:344
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3036
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4472
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:448
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1604
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2160
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2500
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5268
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3400
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3360
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5508
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2072
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:952
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2512
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5212
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2912
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3300
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5228
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1056
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1752
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4528
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4996
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5096
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5812
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4272
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5600
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5592
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4128
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:5200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4432
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4784
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5864
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4752
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5224
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3620
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5564
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4744
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4880
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5852
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:5640
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3708
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4920
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4112
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5596
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5944
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1028
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2092
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2384
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1604
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2160
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1104
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5604
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:936
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4860
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3856
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:972
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1420
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2788
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5256
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1252
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4464
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2132
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2244
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1676
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5420
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2144
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2576
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:5556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:708
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1872
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2556
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2420
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3256
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5692
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5748
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3960
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:2388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6040
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3656
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4484
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1304
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1408
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2640
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1752
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3336
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5384
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5400
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:328
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1616
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1644
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5124
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3812
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4948
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5004
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4976
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2328
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2572
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5016
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:280
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:288
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4576
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5520
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4612
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6016
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5320
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6120
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1348
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5208
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:8
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3920
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5200
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5924
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5544
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4024
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3760
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3392
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2312
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2308
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:440
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4832
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4620
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:408
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4108
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2228
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5596
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2736
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1784
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3824
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3696
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5452
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2384
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5476
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3652
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1932
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4860
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5740
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2496
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3076
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1964
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2444
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5772
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4420
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6108
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2032
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5508
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1680
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2432
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2768
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2196
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2080
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:1868
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5904
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:984
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2940
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5388
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5896
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1724
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2420
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1660
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3256
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4728
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4624
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5748
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1176
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2156
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3060
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6100
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:888
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3336
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4528
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5860
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5724
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5352
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5216
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3088
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2436
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5008
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5040
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1640
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5096
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5012
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5812
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4276
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5952
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5208
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4368
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2336
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3004
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1084
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5344
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2416
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5248
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2600
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3620
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3760
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3396
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2224
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4540
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3748
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5412
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:1920
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:3900
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3800
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:536
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:6052
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5664
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3260
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1044
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2736
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1784
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4672
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4568
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4380
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3696
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5792
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1292
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:632
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:552
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5284
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4296
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:828
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2192
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3152
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3560
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3456
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4608
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:756
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:5476
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:1928
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    - Delays execution with timeout.exe
    PID:1020
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:3740
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:4820
- - C:\Windows\system32\timeout.exe
    timeout 1
    3⤵
    PID:2496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c shadow.bat >NUL 2>NUL
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2116
- - C:\Windows\system32\vssadmin.exe
    vssadmin.exe delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:5520

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3672

C:\Windows\System32\WaaSMedicAgent.exe
C:\Windows\System32\WaaSMedicAgent.exe 78f9ae2e173a3389a568d468d9348a5b 1NZsnHCfVUK1UwvwEnZ1Ig.0.1.0.0.0
1⤵
PID:4772
- C:\Windows\System32\Conhost.exe
  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
  2⤵
  PID:5420

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv 1NZsnHCfVUK1UwvwEnZ1Ig.0.2
1⤵
PID:2352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

T1006

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-2123103809-19148277-2527443841-1000\desktop.ini

Filesize
129B

MD5
e2c2b5910465a5a8a9e54b05d30509a2

SHA1
3c4cdfd1c7c805ec96e1a41f8024fb92834b5543

SHA256
707d6791f91549737ebadaa699f178612b0e3c89307429d4b751e2c7fdb832a7

SHA512
5edb3ff8f11cfc9cfc87e15746f6c5f8055f399d71feb7d9306631030d65437fd6a3b27471853dbed93a1cb09104f228cc1c9e90555c385c89cb0438b2e6225f

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msoshext.dll

Filesize
1.7MB

MD5
c606bd7c9c733dd27f74157c34e51742

SHA1
aab92689723449fbc3e123fb614dd536a74b74d4

SHA256
606390649012b31b5d83630f1186562e4b1ce4023d8870d8c29eb62e7e0769e0

SHA512
5f8fabe3d9753413d1aedcc76b9568c50dd25a5a6aeacd1ce88aecc28c0ba96dac80177679d380708213a0997946e49383bdaca7114c8c9526a24ed999194e38

Download Submit
C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\msvcp140.dll

Filesize
613KB

MD5
c1b066f9e3e2f3a6785161a8c7e0346a

SHA1
8b3b943e79c40bc81fdac1e038a276d034bbe812

SHA256
99e3e25cda404283fbd96b25b7683a8d213e7954674adefa2279123a8d0701fd

SHA512
36f9e6c86afbd80375295238b67e4f472eb86fcb84a590d8dba928d4e7a502d4f903971827fdc331353e5b3d06616664450759432fdc8d304a56e7dacb84b728

Download Submit
C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\hive.bat

Filesize
232B

MD5
6358d970c3edccb57eae7dbf9f42d58f

SHA1
25b994c3b5604f4f67e1ac6250bc2f14ce690380

SHA256
9e36401051e677f69a82ab8fbdebd6b16210ee40612c8c7fa45ceb5d7757fe50

SHA512
44819fec7e90b903eece750d0a2de531520ed9e637e17e4a57786f9a61c6d4b95ff6072fc3530a9d35d8dc756bcfe20f80a6a07a72d35cf24b305053ae389131

Download Submit
C:\Users\Admin\AppData\Local\Temp\RansomwareSamples\shadow.bat

Filesize
57B

MD5
df5552357692e0cba5e69f8fbf06abb6

SHA1
4714f1e6bb75a80a8faf69434726d176b70d7bd8

SHA256
d158f9d53e7c37eadd3b5cc1b82d095f61484e47eda2c36d9d35f31c0b4d3ff8

SHA512
a837555a1175ab515e2b43da9e493ff0ccd4366ee59defe6770327818ca9afa6f3e39ecdf5262b69253aa9e2692283ee8cebc97d58edd42e676977c7f73d143d

Download Submit
memory/444-2460-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download
memory/444-0-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download
memory/444-8118-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download
memory/444-8988-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download
memory/444-5472-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download
memory/444-4226-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download
memory/444-3293-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download
memory/444-685-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download
memory/444-686-0x0000000000CD0000-0x0000000000FA9000-memory.dmp

Filesize
2.8MB

Download