28331e2705bf58bd76a9f8ba0f0a431b762eaf6e4284dbf12f1453dd3fecf281

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08/12/2024, 08:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f0604f8a16b94b61d714dfec11d0358.exe
Size

865KB
MD5

6f0604f8a16b94b61d714dfec11d0358
SHA1

558828c2ead68ea5883655299a3f0bfad1981ae5
SHA256

28331e2705bf58bd76a9f8ba0f0a431b762eaf6e4284dbf12f1453dd3fecf281
SHA512

76ebd74ec7b965ff20aad25aa6c0dfc5b7efef087f6bd4bf6f0b2f08427ac65bf320305db16ff00cebc5bfc98c8f22014ed5e7c9cedd37a05721b330326c4eb3
SSDEEP

24576:drl6kD68JmlotQfAVnxag+/zxRlk4t4p5G5wJm1wr:Zl328U2yfAVnsgSWpg5km

Score

7^/10

discovery upx

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Allene.vbs	Allene.exe

Executes dropped EXE 64 IoCs

pid	Process
1480	Allene.exe
1104	Allene.exe
2764	Allene.exe
2568	Allene.exe
2872	Allene.exe
1736	Allene.exe
2632	Allene.exe
2520	Allene.exe
2448	Allene.exe
296	Allene.exe
1328	Allene.exe
1752	Allene.exe
1272	Allene.exe
2904	Allene.exe
2600	Allene.exe
3040	Allene.exe
1684	Allene.exe
1612	Allene.exe
2512	Allene.exe
904	Allene.exe
1768	Allene.exe
692	Allene.exe
1648	Allene.exe
1312	Allene.exe
888	Allene.exe
1596	Allene.exe
3012	Allene.exe
2208	Allene.exe
2132	Allene.exe
2712	Allene.exe
2588	Allene.exe
2580	Allene.exe
1724	Allene.exe
1808	Allene.exe
2084	Allene.exe
2076	Allene.exe
1580	Allene.exe
1396	Allene.exe
884	Allene.exe
1756	Allene.exe
2896	Allene.exe
484	Allene.exe
1088	Allene.exe
964	Allene.exe
1084	Allene.exe
1508	Allene.exe
1192	Allene.exe
2280	Allene.exe
2296	Allene.exe
2964	Allene.exe
1804	Allene.exe
2496	Allene.exe
1424	Allene.exe
2284	Allene.exe
2968	Allene.exe
2752	Allene.exe
2608	Allene.exe
2624	Allene.exe
2996	Allene.exe
948	Allene.exe
3068	Allene.exe
1788	Allene.exe
320	Allene.exe
1528	Allene.exe

Loads dropped DLL 1 IoCs

pid	Process
3016	6f0604f8a16b94b61d714dfec11d0358.exe

AutoIT Executable 64 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/3016-15-0x0000000001350000-0x000000000152D000-memory.dmp	autoit_exe
behavioral1/memory/1480-29-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2764-41-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1104-40-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2568-52-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2764-51-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2568-62-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2872-63-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2872-72-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1736-83-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2632-93-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2520-103-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2448-104-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2448-114-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2872-115-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/296-126-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1328-127-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1328-136-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1752-147-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1272-148-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1272-157-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2904-168-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1328-179-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2600-178-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/3040-189-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1684-190-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1684-200-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1612-211-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2512-221-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/904-232-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1768-233-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1768-242-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/692-253-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1312-265-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1648-264-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1312-275-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1768-286-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1596-287-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/888-285-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1596-297-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/3012-307-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2132-318-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2208-317-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2712-329-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2132-328-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2712-339-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2588-340-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2588-348-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2580-357-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1724-358-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1808-367-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1724-366-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1808-375-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2084-376-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2588-385-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2084-384-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2076-386-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2076-394-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1580-395-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1580-402-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1396-411-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/884-419-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/1756-428-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe
behavioral1/memory/2896-437-0x0000000000380000-0x000000000055D000-memory.dmp	autoit_exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3016-0-0x0000000001350000-0x000000000152D000-memory.dmp	upx
behavioral1/files/0x00090000000175e7-9.dat	upx
behavioral1/memory/1480-16-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/3016-15-0x0000000001350000-0x000000000152D000-memory.dmp	upx
behavioral1/memory/1480-29-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2764-41-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1104-40-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2568-52-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2764-51-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2568-62-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2872-63-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1736-73-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2872-72-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1736-83-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2632-93-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2520-103-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2448-104-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2448-114-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/296-116-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2872-115-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/296-126-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1328-127-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1328-136-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1752-137-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1752-147-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1272-148-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1272-157-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2904-158-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2904-168-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1328-179-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2600-178-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/3040-189-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1684-190-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1684-200-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1612-201-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1612-211-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/904-222-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2512-221-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/904-232-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1768-233-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/692-243-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1768-242-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/692-253-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1648-254-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1312-265-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1648-264-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1312-275-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1768-286-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1596-287-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/888-285-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1596-297-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/3012-307-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2132-318-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2208-317-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2712-329-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2132-328-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2712-339-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2588-340-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2588-348-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2580-349-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/2580-357-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1724-358-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1808-367-0x0000000000380000-0x000000000055D000-memory.dmp	upx
behavioral1/memory/1724-366-0x0000000000380000-0x000000000055D000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	6f0604f8a16b94b61d714dfec11d0358.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Allene.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3016	6f0604f8a16b94b61d714dfec11d0358.exe
3016	6f0604f8a16b94b61d714dfec11d0358.exe
1480	Allene.exe
1480	Allene.exe
1104	Allene.exe
1104	Allene.exe
2764	Allene.exe
2764	Allene.exe
2568	Allene.exe
2568	Allene.exe
2872	Allene.exe
2872	Allene.exe
2872	Allene.exe
1736	Allene.exe
1736	Allene.exe
2632	Allene.exe
2632	Allene.exe
2520	Allene.exe
2520	Allene.exe
2448	Allene.exe
2448	Allene.exe
2448	Allene.exe
296	Allene.exe
296	Allene.exe
1328	Allene.exe
1328	Allene.exe
1752	Allene.exe
1752	Allene.exe
1272	Allene.exe
1272	Allene.exe
2904	Allene.exe
2904	Allene.exe
2600	Allene.exe
2600	Allene.exe
3040	Allene.exe
3040	Allene.exe
1684	Allene.exe
1684	Allene.exe
1612	Allene.exe
1612	Allene.exe
1612	Allene.exe
2512	Allene.exe
2512	Allene.exe
904	Allene.exe
904	Allene.exe
1768	Allene.exe
1768	Allene.exe
1768	Allene.exe
692	Allene.exe
692	Allene.exe
1648	Allene.exe
1648	Allene.exe
1312	Allene.exe
1312	Allene.exe
888	Allene.exe
888	Allene.exe
1596	Allene.exe
1596	Allene.exe
3012	Allene.exe
3012	Allene.exe
2208	Allene.exe
2208	Allene.exe
2132	Allene.exe
2132	Allene.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3016	6f0604f8a16b94b61d714dfec11d0358.exe
3016	6f0604f8a16b94b61d714dfec11d0358.exe
1480	Allene.exe
1480	Allene.exe
1104	Allene.exe
1104	Allene.exe
2764	Allene.exe
2764	Allene.exe
2568	Allene.exe
2568	Allene.exe
2872	Allene.exe
2872	Allene.exe
2872	Allene.exe
1736	Allene.exe
1736	Allene.exe
2632	Allene.exe
2632	Allene.exe
2520	Allene.exe
2520	Allene.exe
2448	Allene.exe
2448	Allene.exe
2448	Allene.exe
296	Allene.exe
296	Allene.exe
1328	Allene.exe
1328	Allene.exe
1752	Allene.exe
1752	Allene.exe
1272	Allene.exe
1272	Allene.exe
2904	Allene.exe
2904	Allene.exe
2600	Allene.exe
2600	Allene.exe
3040	Allene.exe
3040	Allene.exe
1684	Allene.exe
1684	Allene.exe
1612	Allene.exe
1612	Allene.exe
1612	Allene.exe
2512	Allene.exe
2512	Allene.exe
904	Allene.exe
904	Allene.exe
1768	Allene.exe
1768	Allene.exe
1768	Allene.exe
692	Allene.exe
692	Allene.exe
1648	Allene.exe
1648	Allene.exe
1312	Allene.exe
1312	Allene.exe
888	Allene.exe
888	Allene.exe
1596	Allene.exe
1596	Allene.exe
3012	Allene.exe
3012	Allene.exe
2208	Allene.exe
2208	Allene.exe
2132	Allene.exe
2132	Allene.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 1480	3016	6f0604f8a16b94b61d714dfec11d0358.exe	31
PID 3016 wrote to memory of 1480	3016	6f0604f8a16b94b61d714dfec11d0358.exe	31
PID 3016 wrote to memory of 1480	3016	6f0604f8a16b94b61d714dfec11d0358.exe	31
PID 3016 wrote to memory of 1480	3016	6f0604f8a16b94b61d714dfec11d0358.exe	31
PID 1480 wrote to memory of 1104	1480	Allene.exe	32
PID 1480 wrote to memory of 1104	1480	Allene.exe	32
PID 1480 wrote to memory of 1104	1480	Allene.exe	32
PID 1480 wrote to memory of 1104	1480	Allene.exe	32
PID 1104 wrote to memory of 2764	1104	Allene.exe	33
PID 1104 wrote to memory of 2764	1104	Allene.exe	33
PID 1104 wrote to memory of 2764	1104	Allene.exe	33
PID 1104 wrote to memory of 2764	1104	Allene.exe	33
PID 2764 wrote to memory of 2568	2764	Allene.exe	34
PID 2764 wrote to memory of 2568	2764	Allene.exe	34
PID 2764 wrote to memory of 2568	2764	Allene.exe	34
PID 2764 wrote to memory of 2568	2764	Allene.exe	34
PID 2568 wrote to memory of 2872	2568	Allene.exe	35
PID 2568 wrote to memory of 2872	2568	Allene.exe	35
PID 2568 wrote to memory of 2872	2568	Allene.exe	35
PID 2568 wrote to memory of 2872	2568	Allene.exe	35
PID 2872 wrote to memory of 1736	2872	Allene.exe	36
PID 2872 wrote to memory of 1736	2872	Allene.exe	36
PID 2872 wrote to memory of 1736	2872	Allene.exe	36
PID 2872 wrote to memory of 1736	2872	Allene.exe	36
PID 1736 wrote to memory of 2632	1736	Allene.exe	37
PID 1736 wrote to memory of 2632	1736	Allene.exe	37
PID 1736 wrote to memory of 2632	1736	Allene.exe	37
PID 1736 wrote to memory of 2632	1736	Allene.exe	37
PID 2632 wrote to memory of 2520	2632	Allene.exe	38
PID 2632 wrote to memory of 2520	2632	Allene.exe	38
PID 2632 wrote to memory of 2520	2632	Allene.exe	38
PID 2632 wrote to memory of 2520	2632	Allene.exe	38
PID 2520 wrote to memory of 2448	2520	Allene.exe	39
PID 2520 wrote to memory of 2448	2520	Allene.exe	39
PID 2520 wrote to memory of 2448	2520	Allene.exe	39
PID 2520 wrote to memory of 2448	2520	Allene.exe	39
PID 2448 wrote to memory of 296	2448	Allene.exe	40
PID 2448 wrote to memory of 296	2448	Allene.exe	40
PID 2448 wrote to memory of 296	2448	Allene.exe	40
PID 2448 wrote to memory of 296	2448	Allene.exe	40
PID 296 wrote to memory of 1328	296	Allene.exe	41
PID 296 wrote to memory of 1328	296	Allene.exe	41
PID 296 wrote to memory of 1328	296	Allene.exe	41
PID 296 wrote to memory of 1328	296	Allene.exe	41
PID 1328 wrote to memory of 1752	1328	Allene.exe	42
PID 1328 wrote to memory of 1752	1328	Allene.exe	42
PID 1328 wrote to memory of 1752	1328	Allene.exe	42
PID 1328 wrote to memory of 1752	1328	Allene.exe	42
PID 1752 wrote to memory of 1272	1752	Allene.exe	43
PID 1752 wrote to memory of 1272	1752	Allene.exe	43
PID 1752 wrote to memory of 1272	1752	Allene.exe	43
PID 1752 wrote to memory of 1272	1752	Allene.exe	43
PID 1272 wrote to memory of 2904	1272	Allene.exe	44
PID 1272 wrote to memory of 2904	1272	Allene.exe	44
PID 1272 wrote to memory of 2904	1272	Allene.exe	44
PID 1272 wrote to memory of 2904	1272	Allene.exe	44
PID 2904 wrote to memory of 2600	2904	Allene.exe	45
PID 2904 wrote to memory of 2600	2904	Allene.exe	45
PID 2904 wrote to memory of 2600	2904	Allene.exe	45
PID 2904 wrote to memory of 2600	2904	Allene.exe	45
PID 2600 wrote to memory of 3040	2600	Allene.exe	46
PID 2600 wrote to memory of 3040	2600	Allene.exe	46
PID 2600 wrote to memory of 3040	2600	Allene.exe	46
PID 2600 wrote to memory of 3040	2600	Allene.exe	46

C:\Users\Admin\AppData\Local\Temp\6f0604f8a16b94b61d714dfec11d0358.exe
"C:\Users\Admin\AppData\Local\Temp\6f0604f8a16b94b61d714dfec11d0358.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Milburr\Allene.exe
  "C:\Users\Admin\AppData\Local\Temp\6f0604f8a16b94b61d714dfec11d0358.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1480
- - C:\Users\Admin\AppData\Local\Milburr\Allene.exe
    "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1104
  - - C:\Users\Admin\AppData\Local\Milburr\Allene.exe
      "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2764
    - - C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        19⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        32⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        34⤵
        Executes dropped EXE
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        35⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        36⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        37⤵
        Executes dropped EXE
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        38⤵
        Executes dropped EXE
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        39⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        40⤵
        Executes dropped EXE
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        41⤵
        Executes dropped EXE
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        42⤵
        Executes dropped EXE
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        43⤵
        Executes dropped EXE
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        45⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        46⤵
        Executes dropped EXE
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        47⤵
        Executes dropped EXE
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        48⤵
        Executes dropped EXE
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        49⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        51⤵
        Executes dropped EXE
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        52⤵
        Executes dropped EXE
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        54⤵
        Executes dropped EXE
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        55⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        56⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        58⤵
        Executes dropped EXE
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        60⤵
        Executes dropped EXE
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        63⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        64⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        65⤵
        Executes dropped EXE
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        66⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        67⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        68⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        70⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        71⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        75⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        77⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        80⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        82⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        83⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        84⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        85⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        86⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        87⤵
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        92⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        93⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        94⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        96⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        97⤵
        System Location Discovery: System Language Discovery
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        100⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        102⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        104⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        106⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        109⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        112⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Milburr\Allene.exe
        
        "C:\Users\Admin\AppData\Local\Milburr\Allene.exe"
        116⤵
        
        PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Anglophile

Filesize
481KB

MD5
3cb6abd40fba1eddd8a7dda9994ba7f7

SHA1
2c563fad704a5e5407f38aff2e47c72138944106

SHA256
4b2e35d8cd82164975b338e118ebfbd621d1afb5e768a12936f7f9d0b6c1b9e0

SHA512
ca9c2b1deaf0da7db93ad63cf98010ef28d5b07e50213984842996a14796ae88e774583f487510f1860cbdd5b58cf51523f928c8fde6622f80352cac6ba7b77f

Download Submit
C:\Users\Admin\AppData\Local\Temp\autE560.tmp

Filesize
414KB

MD5
cbdee7e56fe6e632838a31adf1435807

SHA1
9ac24bd12e4369785742e075f81b9b6a50ebabbd

SHA256
dc44aee08535cfca123fe35ec2ee62e4d0457a82a370f709e6bdc95b9f26f11c

SHA512
e058194d24bcbb56638e3e63e0e50d2f4fa2a6956dc57eaac73e11f215190940b5ab3744df567ffe1a29b7d324422b3ded9e339e1188f910bbc6ec32496e72a9

Download Submit
\Users\Admin\AppData\Local\Milburr\Allene.exe

Filesize
865KB

MD5
6f0604f8a16b94b61d714dfec11d0358

SHA1
558828c2ead68ea5883655299a3f0bfad1981ae5

SHA256
28331e2705bf58bd76a9f8ba0f0a431b762eaf6e4284dbf12f1453dd3fecf281

SHA512
76ebd74ec7b965ff20aad25aa6c0dfc5b7efef087f6bd4bf6f0b2f08427ac65bf320305db16ff00cebc5bfc98c8f22014ed5e7c9cedd37a05721b330326c4eb3

Download Submit
memory/296-126-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/296-116-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/320-612-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/484-447-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/484-439-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/692-243-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/692-253-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/884-419-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/884-412-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/888-285-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/904-232-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/904-222-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/948-591-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/964-464-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/964-457-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/964-501-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1084-473-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1084-465-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1088-448-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1088-456-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1104-37-0x0000000000DA0000-0x00000000011A0000-memory.dmp

Filesize
4.0MB

Download
memory/1104-40-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1192-483-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1192-491-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1272-148-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1272-157-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1312-275-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1312-265-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1328-127-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1328-136-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1328-179-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1396-411-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1396-403-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1424-542-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1480-16-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1480-25-0x0000000000AB0000-0x0000000000EB0000-memory.dmp

Filesize
4.0MB

Download
memory/1480-29-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1508-474-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1508-482-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1580-402-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1580-395-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1580-438-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1596-297-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1596-287-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1612-211-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1612-201-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1648-264-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1648-254-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1684-190-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1684-200-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1724-366-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1724-358-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1736-73-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1736-83-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1752-137-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1752-147-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1756-420-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1756-428-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1768-233-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1768-242-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1768-286-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1788-605-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1804-526-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1804-518-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1808-367-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/1808-375-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2076-386-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2076-394-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2084-376-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2084-384-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2132-318-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2132-328-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2208-317-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2280-492-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2280-500-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2284-549-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2296-509-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2296-502-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2448-114-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2448-104-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2496-527-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2512-221-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2520-103-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2568-52-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2568-62-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2580-357-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2580-349-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2588-385-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2588-340-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2588-348-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2600-178-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2608-570-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2624-577-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2632-93-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2712-329-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2712-339-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2752-563-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2764-41-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2764-51-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2872-115-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2872-63-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2872-72-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2896-429-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2896-437-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2904-158-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2904-168-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2964-517-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2968-556-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/2996-584-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/3012-307-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/3016-13-0x0000000002C00000-0x0000000002DDD000-memory.dmp

Filesize
1.9MB

Download
memory/3016-15-0x0000000001350000-0x000000000152D000-memory.dmp

Filesize
1.9MB

Download
memory/3016-0-0x0000000001350000-0x000000000152D000-memory.dmp

Filesize
1.9MB

Download
memory/3016-7-0x00000000007B0000-0x0000000000BB0000-memory.dmp

Filesize
4.0MB

Download
memory/3040-189-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download
memory/3068-598-0x0000000000380000-0x000000000055D000-memory.dmp

Filesize
1.9MB

Download