Analysis
-
max time kernel
149s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system -
submitted
15-08-2024 13:34
Static task
static1
Behavioral task
behavioral1
Sample
eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe
Resource
win10v2004-20240802-en
General
-
Target
eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe
-
Size
1.4MB
-
MD5
2592d02088ef02e13ad5740fd85ceb17
-
SHA1
7abba6c521701ae077d7c29f28c87b44d8411922
-
SHA256
eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6
-
SHA512
50314d33155c066f1cfbb9efac5cfcc9e540c63ff1ccb3c463e6286ee6acac81a09bb1a1b552c2b6243df4ec52aa015ee803900566f1c25f0edfbbe408547310
-
SSDEEP
24576:IqDEvCTbMWu7rQYlBQcBiT6rprG8arcpZttWJ84kzOS:ITvC/MTQYxsWR7arcPu
Malware Config
Signatures
-
Drops startup file 1 IoCs
description ioc Process File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jailkeeper.vbs jailkeeper.exe -
Executes dropped EXE 64 IoCs
Loads dropped DLL 1 IoCs
pid Process 2092 eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe -
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
resource yara_rule behavioral1/files/0x00070000000190d2-13.dat autoit_exe -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jailkeeper.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
Suspicious use of SendNotifyMessage 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe"C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe"1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\Temp\eb183cf5d6e217532b203ab9f336e266537828eed01c53158da95d609f4ebea6.exe"2⤵
- Drops startup file
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2232 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2356 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2792 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"5⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"6⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2768 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"7⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2580 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"8⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2280 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"9⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2900 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"10⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:784 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"11⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2132 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"12⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1528 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"13⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"14⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2276 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"15⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:860 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"16⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1520 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"17⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:964 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"18⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1100 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"19⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1664 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"20⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:764 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"21⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1492 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"22⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2076 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"23⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2360 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"24⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2528 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"25⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1496 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"26⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1028 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"27⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2800 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"28⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2744 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"29⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2608 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"30⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2592 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"31⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2624 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"32⤵
- Executes dropped EXE
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2916 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"33⤵
- Executes dropped EXE
PID:800 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"34⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1824 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"35⤵
- Executes dropped EXE
PID:1160 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2948 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"37⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2260 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"38⤵
- Executes dropped EXE
PID:2292 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"39⤵
- Executes dropped EXE
PID:444 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"40⤵
- Executes dropped EXE
PID:2964 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1996 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"42⤵
- Executes dropped EXE
PID:904 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"43⤵
- Executes dropped EXE
PID:1344 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"44⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2836 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"45⤵
- Executes dropped EXE
PID:536 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"46⤵
- Executes dropped EXE
PID:856 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"47⤵
- Executes dropped EXE
PID:2520 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"48⤵
- Executes dropped EXE
PID:1536 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"49⤵
- Executes dropped EXE
PID:552 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"50⤵
- Executes dropped EXE
PID:2856 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"51⤵
- Executes dropped EXE
PID:264 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"52⤵
- Executes dropped EXE
PID:2848 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"53⤵
- Executes dropped EXE
PID:2748 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"54⤵
- Executes dropped EXE
PID:2652 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"55⤵
- Executes dropped EXE
PID:1084 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"56⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:344 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"57⤵
- Executes dropped EXE
PID:2484 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"58⤵
- Executes dropped EXE
PID:1692 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"59⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2880 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"60⤵
- Executes dropped EXE
PID:2196 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"61⤵
- Executes dropped EXE
PID:396 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"62⤵
- Executes dropped EXE
PID:2096 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"63⤵
- Executes dropped EXE
PID:1096 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"64⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1728 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"65⤵
- Executes dropped EXE
PID:612 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"66⤵PID:3048
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"67⤵
- System Location Discovery: System Language Discovery
PID:464 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"68⤵PID:1580
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"69⤵
- System Location Discovery: System Language Discovery
PID:2508 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"70⤵
- System Location Discovery: System Language Discovery
PID:1380 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"71⤵
- System Location Discovery: System Language Discovery
PID:2712 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"72⤵PID:2708
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"73⤵PID:2616
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"74⤵PID:2632
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"75⤵PID:2240
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"76⤵PID:1836
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"77⤵PID:2648
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"78⤵PID:1156
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"79⤵
- System Location Discovery: System Language Discovery
PID:2148 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"80⤵PID:992
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"81⤵
- System Location Discovery: System Language Discovery
PID:1924 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"82⤵PID:1512
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"83⤵PID:2564
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"84⤵PID:2500
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"85⤵PID:700
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"86⤵PID:2156
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"87⤵
- System Location Discovery: System Language Discovery
PID:336 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"88⤵PID:2524
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"89⤵
- System Location Discovery: System Language Discovery
PID:2692 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"90⤵PID:2820
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"91⤵
- System Location Discovery: System Language Discovery
PID:2576 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"92⤵PID:2288
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"93⤵PID:2868
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"94⤵PID:2116
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"95⤵PID:2668
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"96⤵PID:2956
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"97⤵PID:900
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"98⤵PID:1256
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"99⤵PID:3016
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"100⤵PID:3056
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"101⤵PID:2320
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"102⤵PID:2372
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"103⤵
- System Location Discovery: System Language Discovery
PID:2540 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"104⤵
- System Location Discovery: System Language Discovery
PID:2740 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"105⤵
- System Location Discovery: System Language Discovery
PID:2844 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"106⤵PID:1180
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"107⤵PID:2024
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"108⤵PID:1916
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"109⤵PID:1868
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"110⤵PID:2164
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"111⤵
- System Location Discovery: System Language Discovery
PID:924 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"112⤵PID:1876
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"113⤵
- System Location Discovery: System Language Discovery
PID:2020 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"114⤵PID:3068
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"115⤵
- System Location Discovery: System Language Discovery
PID:1508 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"116⤵PID:1720
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"117⤵
- System Location Discovery: System Language Discovery
PID:2860 -
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"118⤵PID:3004
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"119⤵PID:2804
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"120⤵PID:1540
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"121⤵PID:1592
-
C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"C:\Users\Admin\AppData\Local\woolpacks\jailkeeper.exe"122⤵PID:2568
-