Analysis Overview
SHA256
eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6
Threat Level: Known bad
The file eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe was found to be: Known bad.
Malicious Activity Summary
Remcos
Credentials from Password Stores: Credentials from Web Browsers
Detected Nirsoft tools
NirSoft MailPassView
NirSoft WebBrowserPassView
Reads user/profile data of web browsers
Loads dropped DLL
Drops startup file
Executes dropped EXE
Accesses Microsoft Outlook accounts
Suspicious use of SetThreadContext
AutoIT Executable
Unsigned PE
System Location Discovery: System Language Discovery
Suspicious behavior: MapViewOfSection
Suspicious use of SendNotifyMessage
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-15 01:46
Signatures
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-15 01:46
Reported
2024-08-15 01:48
Platform
win7-20240708-en
Max time kernel
149s
Max time network
122s
Command Line
Signatures
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jailkeeper.vbs | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
AutoIT Executable
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe
"C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
Network
Files
memory/2236-11-0x00000000001A0000-0x00000000001A4000-memory.dmp
\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
C:\Users\Admin\AppData\Local\Temp\Clinton
C:\Users\Admin\AppData\Local\Temp\nonplacental
C:\Users\Admin\AppData\Local\Temp\aut59C4.tmp
C:\Users\Admin\AppData\Local\Temp\aut59E4.tmp
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-15 01:46
Reported
2024-08-15 01:48
Platform
win10v2004-20240802-en
Max time kernel
148s
Max time network
149s
Command Line
Signatures
Remcos
Credentials from Password Stores: Credentials from Web Browsers
Detected Nirsoft tools
NirSoft MailPassView
NirSoft WebBrowserPassView
Drops startup file
| Description | Indicator | Process | Target |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jailkeeper.vbs | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Reads user/profile data of web browsers
Accesses Microsoft Outlook accounts
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
AutoIT Executable
Suspicious use of SetThreadContext
| Description | Indicator | Process | Target |
| PID 4928 set thread context of 2672 | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe |
| PID 4928 set thread context of 3980 | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe |
| PID 4928 set thread context of 1604 | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe
"C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe /stext "C:\Users\Admin\AppData\Local\Temp\evujpbedwbjacxiqbjpadqwmktthpuq"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe /stext "C:\Users\Admin\AppData\Local\Temp\gyzbqtpwkjbffdwusubtocidtikiifheeg"
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe /stext "C:\Users\Admin\AppData\Local\Temp\rseurm"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ocservice.duckdns.org | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| FR | 188.165.120.122:6622 | ocservice.duckdns.org | tcp |
| US | 8.8.8.8:53 | 122.120.165.188.in-addr.arpa | udp |
| US | 8.8.8.8:53 | geoplugin.net | udp |
| NL | 178.237.33.50:80 | geoplugin.net | tcp |
| US | 8.8.8.8:53 | 50.33.237.178.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 81.144.22.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 55.36.223.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
Files
memory/1360-11-0x00000000027E0000-0x00000000027E4000-memory.dmp
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe
C:\Users\Admin\AppData\Local\Temp\Clinton
C:\Users\Admin\AppData\Local\Temp\nonplacental
C:\Users\Admin\AppData\Local\Temp\aut73F7.tmp
C:\Users\Admin\AppData\Local\Temp\aut7427.tmp
C:\Users\Admin\AppData\Local\Temp\evujpbedwbjacxiqbjpadqwmktthpuq
C:\ProgramData\evferf\logs.dat