50d113ca212ad87b6d19e14c12cd91638b8cd4da4c8fc7c020dda0557c93fd85

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
08-01-2025 14:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NOGHCV09800.exe
Size

1.4MB
MD5

52213367d8528d5da7e3ed356d80ddc3
SHA1

f99fa064f78f516f7b4e6a0167fc54a193cd642d
SHA256

17a545082a45c4c219bd09093349cb12cafef84e37a8dd989b6382a434b89544
SHA512

a1d4fadf5dbfb32bdc6939b12d0f11c09be991fb1a397d4bfe97db880baf0d8803103be5166993038b79b8ec3f03122c4e44703d7485a6b77bc97c17a777472e
SSDEEP

24576:CiUmSB/o5d1ubcvI9/0XhFXSQMJ/ZDfJvXnaPw9Qs287sKeXnusOag6hj3:C/mU/ohubcvIx0xFXtMr7JvXa4x28Knt

Score

7^/10

discovery upx

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Milburr.vbs	Milburr.exe

Executes dropped EXE 64 IoCs

pid	Process
2224	Milburr.exe
3044	Milburr.exe
3032	Milburr.exe
2860	Milburr.exe
2776	Milburr.exe
2596	Milburr.exe
2676	Milburr.exe
2924	Milburr.exe
2688	Milburr.exe
2452	Milburr.exe
1624	Milburr.exe
1708	Milburr.exe
2876	Milburr.exe
2888	Milburr.exe
3004	Milburr.exe
1228	Milburr.exe
1784	Milburr.exe
1440	Milburr.exe
2012	Milburr.exe
1172	Milburr.exe
584	Milburr.exe
3064	Milburr.exe
3060	Milburr.exe
2268	Milburr.exe
408	Milburr.exe
2260	Milburr.exe
1548	Milburr.exe
1928	Milburr.exe
1868	Milburr.exe
1352	Milburr.exe
2456	Milburr.exe
704	Milburr.exe
316	Milburr.exe
2528	Milburr.exe
1772	Milburr.exe
1724	Milburr.exe
1612	Milburr.exe
800	Milburr.exe
3024	Milburr.exe
1744	Milburr.exe
2444	Milburr.exe
2548	Milburr.exe
1600	Milburr.exe
1564	Milburr.exe
2732	Milburr.exe
2808	Milburr.exe
2800	Milburr.exe
2728	Milburr.exe
2764	Milburr.exe
2928	Milburr.exe
2740	Milburr.exe
2656	Milburr.exe
2716	Milburr.exe
2632	Milburr.exe
1996	Milburr.exe
2432	Milburr.exe
2956	Milburr.exe
560	Milburr.exe
2844	Milburr.exe
2788	Milburr.exe
2856	Milburr.exe
1984	Milburr.exe
1068	Milburr.exe
2960	Milburr.exe

Loads dropped DLL 2 IoCs

pid	Process
2784	NOGHCV09800.exe
2224	Milburr.exe

AutoIT Executable 64 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2784-11-0x0000000001020000-0x0000000001307000-memory.dmp	autoit_exe
behavioral1/memory/2224-13-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2224-22-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/3044-31-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2860-38-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/3032-37-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2776-45-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2860-44-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2776-51-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2676-58-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2596-57-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2924-65-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2676-64-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2688-72-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2924-71-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2688-78-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1624-86-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2452-85-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1624-92-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2876-100-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1708-99-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2876-106-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/3004-113-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2888-112-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/3004-119-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1784-126-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1228-125-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1784-132-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2012-139-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1440-138-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1172-146-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2012-145-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/584-153-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1172-152-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/3064-160-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/584-159-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/3064-166-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/3060-172-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2268-173-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/408-180-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2268-179-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/408-186-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1548-193-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2260-192-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1548-199-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1928-205-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1352-212-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1868-211-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1352-218-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2456-219-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2456-222-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/704-225-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/316-228-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2528-231-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1772-234-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1724-237-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1612-240-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/800-243-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/3024-246-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1744-249-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2444-252-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/2548-255-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1600-258-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe
behavioral1/memory/1564-261-0x0000000000290000-0x0000000000577000-memory.dmp	autoit_exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2784-0-0x0000000001020000-0x0000000001307000-memory.dmp	upx
behavioral1/files/0x0007000000016d4a-5.dat	upx
behavioral1/memory/2784-11-0x0000000001020000-0x0000000001307000-memory.dmp	upx
behavioral1/memory/2224-13-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3044-23-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2224-22-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3044-31-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3032-30-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2860-38-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3032-37-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2776-45-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2860-44-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2776-51-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2676-58-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2596-57-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2924-65-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2676-64-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2688-72-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2924-71-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2452-79-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2688-78-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1624-86-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2452-85-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1624-92-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1708-93-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2876-100-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1708-99-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2876-106-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3004-113-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2888-112-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3004-119-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1784-126-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1228-125-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1784-132-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2012-139-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1440-138-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1172-146-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2012-145-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/584-153-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1172-152-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3064-160-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/584-159-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3064-166-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/3060-172-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2268-173-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/408-180-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2268-179-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/408-186-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1548-193-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2260-192-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1548-199-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1928-205-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1352-212-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1868-211-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1352-218-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2456-219-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2456-222-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/704-225-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/316-228-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/2528-231-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1772-234-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1724-237-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/1612-240-0x0000000000290000-0x0000000000577000-memory.dmp	upx
behavioral1/memory/800-243-0x0000000000290000-0x0000000000577000-memory.dmp	upx

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Milburr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2784	NOGHCV09800.exe
2784	NOGHCV09800.exe
2224	Milburr.exe
2224	Milburr.exe
3044	Milburr.exe
3044	Milburr.exe
3032	Milburr.exe
3032	Milburr.exe
2860	Milburr.exe
2860	Milburr.exe
2776	Milburr.exe
2776	Milburr.exe
2596	Milburr.exe
2596	Milburr.exe
2676	Milburr.exe
2676	Milburr.exe
2924	Milburr.exe
2924	Milburr.exe
2688	Milburr.exe
2688	Milburr.exe
2452	Milburr.exe
2452	Milburr.exe
1624	Milburr.exe
1624	Milburr.exe
1708	Milburr.exe
1708	Milburr.exe
2876	Milburr.exe
2876	Milburr.exe
2888	Milburr.exe
2888	Milburr.exe
3004	Milburr.exe
3004	Milburr.exe
1228	Milburr.exe
1228	Milburr.exe
1784	Milburr.exe
1784	Milburr.exe
1440	Milburr.exe
1440	Milburr.exe
2012	Milburr.exe
2012	Milburr.exe
1172	Milburr.exe
1172	Milburr.exe
584	Milburr.exe
584	Milburr.exe
3064	Milburr.exe
3064	Milburr.exe
3060	Milburr.exe
3060	Milburr.exe
2268	Milburr.exe
2268	Milburr.exe
408	Milburr.exe
408	Milburr.exe
2260	Milburr.exe
2260	Milburr.exe
1548	Milburr.exe
1548	Milburr.exe
1928	Milburr.exe
1928	Milburr.exe
1868	Milburr.exe
1868	Milburr.exe
1352	Milburr.exe
1352	Milburr.exe
2456	Milburr.exe
2456	Milburr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2784	NOGHCV09800.exe
2784	NOGHCV09800.exe
2224	Milburr.exe
2224	Milburr.exe
3044	Milburr.exe
3044	Milburr.exe
3032	Milburr.exe
3032	Milburr.exe
2860	Milburr.exe
2860	Milburr.exe
2776	Milburr.exe
2776	Milburr.exe
2596	Milburr.exe
2596	Milburr.exe
2676	Milburr.exe
2676	Milburr.exe
2924	Milburr.exe
2924	Milburr.exe
2688	Milburr.exe
2688	Milburr.exe
2452	Milburr.exe
2452	Milburr.exe
1624	Milburr.exe
1624	Milburr.exe
1708	Milburr.exe
1708	Milburr.exe
2876	Milburr.exe
2876	Milburr.exe
2888	Milburr.exe
2888	Milburr.exe
3004	Milburr.exe
3004	Milburr.exe
1228	Milburr.exe
1228	Milburr.exe
1784	Milburr.exe
1784	Milburr.exe
1440	Milburr.exe
1440	Milburr.exe
2012	Milburr.exe
2012	Milburr.exe
1172	Milburr.exe
1172	Milburr.exe
584	Milburr.exe
584	Milburr.exe
3064	Milburr.exe
3064	Milburr.exe
3060	Milburr.exe
3060	Milburr.exe
2268	Milburr.exe
2268	Milburr.exe
408	Milburr.exe
408	Milburr.exe
2260	Milburr.exe
2260	Milburr.exe
1548	Milburr.exe
1548	Milburr.exe
1928	Milburr.exe
1928	Milburr.exe
1868	Milburr.exe
1868	Milburr.exe
1352	Milburr.exe
1352	Milburr.exe
2456	Milburr.exe
2456	Milburr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 2224	2784	NOGHCV09800.exe	30
PID 2784 wrote to memory of 2224	2784	NOGHCV09800.exe	30
PID 2784 wrote to memory of 2224	2784	NOGHCV09800.exe	30
PID 2784 wrote to memory of 2224	2784	NOGHCV09800.exe	30
PID 2224 wrote to memory of 3044	2224	Milburr.exe	31
PID 2224 wrote to memory of 3044	2224	Milburr.exe	31
PID 2224 wrote to memory of 3044	2224	Milburr.exe	31
PID 2224 wrote to memory of 3044	2224	Milburr.exe	31
PID 3044 wrote to memory of 3032	3044	Milburr.exe	32
PID 3044 wrote to memory of 3032	3044	Milburr.exe	32
PID 3044 wrote to memory of 3032	3044	Milburr.exe	32
PID 3044 wrote to memory of 3032	3044	Milburr.exe	32
PID 3032 wrote to memory of 2860	3032	Milburr.exe	33
PID 3032 wrote to memory of 2860	3032	Milburr.exe	33
PID 3032 wrote to memory of 2860	3032	Milburr.exe	33
PID 3032 wrote to memory of 2860	3032	Milburr.exe	33
PID 2860 wrote to memory of 2776	2860	Milburr.exe	34
PID 2860 wrote to memory of 2776	2860	Milburr.exe	34
PID 2860 wrote to memory of 2776	2860	Milburr.exe	34
PID 2860 wrote to memory of 2776	2860	Milburr.exe	34
PID 2776 wrote to memory of 2596	2776	Milburr.exe	35
PID 2776 wrote to memory of 2596	2776	Milburr.exe	35
PID 2776 wrote to memory of 2596	2776	Milburr.exe	35
PID 2776 wrote to memory of 2596	2776	Milburr.exe	35
PID 2596 wrote to memory of 2676	2596	Milburr.exe	36
PID 2596 wrote to memory of 2676	2596	Milburr.exe	36
PID 2596 wrote to memory of 2676	2596	Milburr.exe	36
PID 2596 wrote to memory of 2676	2596	Milburr.exe	36
PID 2676 wrote to memory of 2924	2676	Milburr.exe	37
PID 2676 wrote to memory of 2924	2676	Milburr.exe	37
PID 2676 wrote to memory of 2924	2676	Milburr.exe	37
PID 2676 wrote to memory of 2924	2676	Milburr.exe	37
PID 2924 wrote to memory of 2688	2924	Milburr.exe	38
PID 2924 wrote to memory of 2688	2924	Milburr.exe	38
PID 2924 wrote to memory of 2688	2924	Milburr.exe	38
PID 2924 wrote to memory of 2688	2924	Milburr.exe	38
PID 2688 wrote to memory of 2452	2688	Milburr.exe	39
PID 2688 wrote to memory of 2452	2688	Milburr.exe	39
PID 2688 wrote to memory of 2452	2688	Milburr.exe	39
PID 2688 wrote to memory of 2452	2688	Milburr.exe	39
PID 2452 wrote to memory of 1624	2452	Milburr.exe	40
PID 2452 wrote to memory of 1624	2452	Milburr.exe	40
PID 2452 wrote to memory of 1624	2452	Milburr.exe	40
PID 2452 wrote to memory of 1624	2452	Milburr.exe	40
PID 1624 wrote to memory of 1708	1624	Milburr.exe	41
PID 1624 wrote to memory of 1708	1624	Milburr.exe	41
PID 1624 wrote to memory of 1708	1624	Milburr.exe	41
PID 1624 wrote to memory of 1708	1624	Milburr.exe	41
PID 1708 wrote to memory of 2876	1708	Milburr.exe	42
PID 1708 wrote to memory of 2876	1708	Milburr.exe	42
PID 1708 wrote to memory of 2876	1708	Milburr.exe	42
PID 1708 wrote to memory of 2876	1708	Milburr.exe	42
PID 2876 wrote to memory of 2888	2876	Milburr.exe	43
PID 2876 wrote to memory of 2888	2876	Milburr.exe	43
PID 2876 wrote to memory of 2888	2876	Milburr.exe	43
PID 2876 wrote to memory of 2888	2876	Milburr.exe	43
PID 2888 wrote to memory of 3004	2888	Milburr.exe	44
PID 2888 wrote to memory of 3004	2888	Milburr.exe	44
PID 2888 wrote to memory of 3004	2888	Milburr.exe	44
PID 2888 wrote to memory of 3004	2888	Milburr.exe	44
PID 3004 wrote to memory of 1228	3004	Milburr.exe	45
PID 3004 wrote to memory of 1228	3004	Milburr.exe	45
PID 3004 wrote to memory of 1228	3004	Milburr.exe	45
PID 3004 wrote to memory of 1228	3004	Milburr.exe	45

C:\Users\Admin\AppData\Local\Temp\NOGHCV09800.exe
"C:\Users\Admin\AppData\Local\Temp\NOGHCV09800.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
  "C:\Users\Admin\AppData\Local\Temp\NOGHCV09800.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
    "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
      "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2860
      - C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:584
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        25⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:408
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        33⤵
        Executes dropped EXE
        
        PID:704
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        34⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        35⤵
        Executes dropped EXE
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        36⤵
        Executes dropped EXE
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        37⤵
        Executes dropped EXE
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        38⤵
        Executes dropped EXE
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        39⤵
        Executes dropped EXE
        
        PID:800
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        40⤵
        Executes dropped EXE
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        41⤵
        Executes dropped EXE
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        42⤵
        Executes dropped EXE
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        43⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        44⤵
        Executes dropped EXE
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        45⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        46⤵
        Executes dropped EXE
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        47⤵
        Executes dropped EXE
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        48⤵
        Executes dropped EXE
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        49⤵
        Executes dropped EXE
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        50⤵
        Executes dropped EXE
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        51⤵
        Executes dropped EXE
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        52⤵
        Executes dropped EXE
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        53⤵
        Executes dropped EXE
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        54⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        55⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        56⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        58⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:560
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        60⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        62⤵
        Executes dropped EXE
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        63⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        64⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        65⤵
        Executes dropped EXE
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        66⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        67⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        68⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        70⤵
        System Location Discovery: System Language Discovery
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:592
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        73⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        75⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        76⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        77⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        78⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        79⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        80⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        81⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        83⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        86⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        87⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        88⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        89⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        90⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        92⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        93⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        94⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        95⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        96⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        97⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        98⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        99⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        100⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        101⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        102⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        105⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        106⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        108⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        109⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        110⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        112⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        113⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        114⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        115⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        116⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        117⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        118⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        120⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        121⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        122⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        123⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        124⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        125⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        127⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:892
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        129⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        131⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        132⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        133⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        134⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        135⤵
        System Location Discovery: System Language Discovery
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        136⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        137⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        138⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        140⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        141⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        143⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        144⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        145⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        146⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        148⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        149⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        150⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        151⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        152⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        153⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        154⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        155⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        156⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        157⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        158⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        159⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        160⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        161⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        162⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        163⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        164⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        165⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        166⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        167⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        168⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        169⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        171⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        172⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        173⤵
        System Location Discovery: System Language Discovery
        
        PID:932
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        174⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        175⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        176⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        177⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        178⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        179⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        180⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        181⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        182⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        183⤵
        System Location Discovery: System Language Discovery
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        184⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        185⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        186⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        188⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        189⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        190⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        191⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        192⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        193⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        195⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        196⤵
        System Location Discovery: System Language Discovery
        
        PID:576
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        197⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        199⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        200⤵
        System Location Discovery: System Language Discovery
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        202⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        203⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        205⤵
        System Location Discovery: System Language Discovery
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        206⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        207⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        208⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        209⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        210⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        211⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        212⤵
        System Location Discovery: System Language Discovery
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        213⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        215⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        216⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        217⤵
        System Location Discovery: System Language Discovery
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        218⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        219⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        220⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        221⤵
        System Location Discovery: System Language Discovery
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        222⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        223⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        224⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        225⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        226⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        227⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        228⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        229⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        230⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        231⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        232⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        233⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        234⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        235⤵
        System Location Discovery: System Language Discovery
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        236⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        237⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        238⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        239⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        240⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        241⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        242⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        243⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\tilthead\Milburr.exe
        
        "C:\Users\Admin\AppData\Local\tilthead\Milburr.exe"
        244⤵
        
        PID:3104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Roca

Filesize
481KB

MD5
d307541316122bf96dd2e089f83c9904

SHA1
668bf6174b493c828886350a6e9a50bad762c582

SHA256
84e5a8c73aaa5afd07a6a8a70cfa6bb39632ef19419046cb84171f26cd438b2a

SHA512
cf3a9ea3eaebd7175355587c776de63b936180f77756de9854664876c1424a405247120b7d3f0dd7a6bdd2c032e68c503acaa88405abeb262f4f1d57ed1b67c8

Download Submit
\Users\Admin\AppData\Local\tilthead\Milburr.exe

Filesize
1.4MB

MD5
52213367d8528d5da7e3ed356d80ddc3

SHA1
f99fa064f78f516f7b4e6a0167fc54a193cd642d

SHA256
17a545082a45c4c219bd09093349cb12cafef84e37a8dd989b6382a434b89544

SHA512
a1d4fadf5dbfb32bdc6939b12d0f11c09be991fb1a397d4bfe97db880baf0d8803103be5166993038b79b8ec3f03122c4e44703d7485a6b77bc97c17a777472e

Download Submit
memory/316-228-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/408-186-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/408-180-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/560-303-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/584-153-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/584-159-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/704-225-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/800-243-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1068-318-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1172-152-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1172-146-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1228-125-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1352-218-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1352-212-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1440-138-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1548-193-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1548-199-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1564-261-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1600-258-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1612-240-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1624-86-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1624-92-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1708-99-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1708-93-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1724-237-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1744-249-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1772-234-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1784-132-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1784-126-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1868-211-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1928-205-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1984-315-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/1996-294-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2012-139-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2012-145-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2224-22-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2224-13-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2224-17-0x0000000000D80000-0x0000000001180000-memory.dmp

Filesize
4.0MB

Download
memory/2260-192-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2268-173-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2268-179-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2432-297-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2444-252-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2452-79-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2452-85-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2456-222-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2456-219-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2528-231-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2548-255-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2596-57-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2632-291-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2656-285-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2676-64-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2676-58-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2688-78-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2688-72-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2716-288-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2728-273-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2732-264-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2740-282-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2764-276-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2776-45-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2776-51-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2784-11-0x0000000001020000-0x0000000001307000-memory.dmp

Filesize
2.9MB

Download
memory/2784-9-0x00000000033A0000-0x0000000003687000-memory.dmp

Filesize
2.9MB

Download
memory/2784-0-0x0000000001020000-0x0000000001307000-memory.dmp

Filesize
2.9MB

Download
memory/2784-3-0x0000000000740000-0x0000000000B40000-memory.dmp

Filesize
4.0MB

Download
memory/2788-309-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2800-270-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2808-267-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2844-306-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2856-312-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2860-44-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2860-38-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2876-100-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2876-106-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2888-112-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2924-65-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2924-71-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2928-279-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/2956-300-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3004-113-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3004-119-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3024-246-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3032-37-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3032-30-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3044-31-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3044-27-0x0000000000D20000-0x0000000001120000-memory.dmp

Filesize
4.0MB

Download
memory/3044-23-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3060-172-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3064-160-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download
memory/3064-166-0x0000000000290000-0x0000000000577000-memory.dmp

Filesize
2.9MB

Download